Before I go off and start checking I'm just wondering if anyone has seen this behaviour before.
Code:
[root@fbakirpomd4 ~]# passwd e825390
Changing password for user e825390.
New password:
Retype new password:
Retype new password:
passwd: all authentication tokens updated successfully.
As you can see there is an extra "Retype new Password", the system is;
Code:
[root@fbakirpomd4 ~]# uname -a
Linux fbakirpomd4 3.10.0-862.el7.x86_64 #1 SMP Wed Mar 21 18:14:51 EDT 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@fbakirpomd4 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.5 (Maipo)
[root@fbakirpomd4 ~]#
The system has been built and a new "Security Standard" applied, this was done as a result of a "Security Audit" by a company called CGI.
This will cause an issue with a number of the standard accounts that we have on the servers going forward, the idea is to have a standard build so it has to be correct - one problem that I can foress is that the passwords are changed on the aforementioned accounts using an expect script and the second "Retype new Password" will break the script.
So I thought that I'd ask here before I raise an incident with Red Hat support.
I've seen this when multiple PAM rules are matched for one user or group.
Check pam configuration for such rules.
For instance :
Code:
.. other lines ..
password [default=1 success=ignore] pam_succeed_if.so ... <some conditions like uid gid>
password requisite pam_cracklib.so ... <other pw related stuff>
password [default=1 success=ignore] pam_succeed_if.so ... <other conditions for uid gid>
password requisite pam_cracklib.so ... <other pw related stuff>
... other lines...
If a user matches both conditions it will get password prompt twice.
So, AFAIK PAM rules should be very specific and be exclusive, so two rules do not match one group or user.
This is a bit older release, but in newer it is the same, except pam_pwquality.so is used.
Files which are used for such rules are :
Code:
/etc/pam.d/system-auth
/etc/pam.d/password-auth
Hope that helps
Regards
Peasant.
These 3 Users Gave Thanks to Peasant For This Post:
Some background:
The application normally runs on an embedded platform. Currently, for development purposes, I have the rootfs located @ /exports and the target is communicating over NFS. That way I can make a change on my local system, save the application @ /exports, and run the altered... (4 Replies)
Hi Folks,
I have Solaris 10, latest release.
We have passwd aging set in /etc/defalut/passwd.
I have an account that passwd should never expire. Acheived by emptying associated users shadow file entries for passwd aging.
When I reset the users passwd using passwd command, it re enables... (3 Replies)
Hi guys, I wondered if someone would be able to help me.
I have a number of files which all have entries in them looking something like;
And I'm looking for a way where by I can compare a number of these files and identify the odd numbers in the sequence.
So for example if I had to... (1 Reply)
Is it normal behavior for a shell script that terminates to terminate its parent shell when executed with the "." option?
For example, if I have the example script (we'll name it ex.sh):
#!/bin/sh
if
then
echo "Bye."
exit 2
fi
And I execute it like this:
>./ex.sh
It... (6 Replies)
Hi, We have some troubles with our HP server (rx4640) running HP-UX 11.31. The server is attached to a JBod cabinet. If the JBod cabinet is powered on and we power on the server after then HP-UX can't find the devices (disks) at the cabinet. Does not help to run an ioscan -fnC disk. But if I power... (3 Replies)
Hello, I have been working on a what I thought was a fairly simple script for installing a software kit on Linux and Unix
I am not new to scripting but am far from being fluent in sh scripting.
any assistance would be appreciated.
I have an odd bug occuring when executing the script.
When... (2 Replies)
I need a unix script that check for even or odd. EXAMPLE::::
please enter the number to check: 12
the output: This is an even number
it has to have prompts. (2 Replies)