Gary Winiger <gww at marduk.eng.sun.com> points out that the following Solaris 8 bugs all of which are fixed in Solaris 9 are very likely relevant to this problem: 4284795 when passwd is given the -r option, it ignores /etc/pam.conf 4415159 unix_scheme pam_chauthtok does not stack 4415162 unix_scheme pam_chauthtok too tightly coupled with passwd It seems like we should really try with Solaris 9. On Thu, Jun 27, 2002 at 04:10:22PM +1000, John Warburton wrote: > > Hi > > Thanks for the reply - well I can change my password as either myself or > root: > > johnw@dawkins% passwd johnw > Enter current password: > > You can now choose the new password. > > A valid password should be a mix of upper and lower case letters, > digits and other characters. You can use an 8 character long > password with characters from at least 3 of these 4 classes, or > a 7 character long password containing characters from all the > classes. Characters that form a common pattern are discarded by > the check. > > Enter new password: > Re-type new password: > passwd (SYSTEM): passwd successfully changed for johnw > > AND > > root@dawkins# passwd johnw > > You can now choose the new password. > > A valid password should be a mix of upper and lower case letters, > digits and other characters. You can use an 8 character long > password with characters from at least 3 of these 4 classes, or > a 7 character long password containing characters from all the > classes. Characters that form a common pattern are discarded by > the check. > > Enter new password: > Re-type new password: > passwd (SYSTEM): passwd successfully changed for johnw > > so, it looks like that is working OK. > > If I try & login with telnet, I get a similar effort: > > % telnet dawkins > > Connected to dawkins. > Escape character is '^]'. > > SunOS 5.8 > login: johnw > Password: > Choose a new password. > > You can now choose the new password. > > A valid password should be a mix of upper and lower case letters, > digits and other characters. You can use an 8 character long > password with characters from at least 3 of these 4 classes, or > a 7 character long password containing characters from all the > classes. Characters that form a common pattern are discarded by > the check. > > Enter new password: > Re-type new password: > telnet(SYSTEM): Sorry. > Connection closed by foreign host. > > Jun 27 16:14:29 dawkins login: [ID 308033 auth.debug] pam_acct_mgmt: error > Get new authentication token > Jun 27 16:14:36 dawkins login: [ID 125209 auth.debug] pam_chauthtok: error > Authentication token manipulation error > Jun 27 16:14:36 dawkins login: [ID 376080 auth.crit] change password > failure: Authentication token manipulation error > > So this is not limited to SSH > > Hope this helps pin the issue > > Thanks > > John -- /sd
