On 18.03.2009 15:28, Marc Weber wrote:
I'm getting this on my vserver:
[root@nixos:~]# passwd root
Changing password for root.
passwd: Permission denied
[root@nixos:~]# cat /etc/pam.d/passwd
auth include common
account include common
password include common
session include common
[root@nixos:~]# cat /etc/pam.d/common
# auth sufficient /no-such-path/lib/security/pam_ldap.so
auth sufficient
/nix/store/22w3l41qxszyisqn09pjad8vc93kwr49-pam_unix2-2.1/lib/security/pam_unix2.so
debug
auth required pam_deny.so debug
# account optional /no-such-path/lib/security/pam_ldap.so
account required
/nix/store/22w3l41qxszyisqn09pjad8vc93kwr49-pam_unix2-2.1/lib/security/pam_unix2.so
debug
# password sufficient /no-such-path/lib/security/pam_ldap.so
password sufficient
/nix/store/22w3l41qxszyisqn09pjad8vc93kwr49-pam_unix2-2.1/lib/security/pam_unix2.so
debug
# session optional /no-such-path/lib/security/pam_ldap.so
session required
/nix/store/22w3l41qxszyisqn09pjad8vc93kwr49-pam_unix2-2.1/lib/security/pam_unix2.so
debug
syslog:
Mar 18 12:26:41 nixos passwd[7919]: pam_unix2(passwd:chauthtok): pam_sm_chauthtok() called
Mar 18 12:26:41 nixos passwd[7919]: pam_unix2(passwd:chauthtok): username=[root]
Mar 18 12:26:41 nixos passwd[7919]: User root: Permission denied
strace output looks like this: http://rafb.net/p/7jq2vb43.html
The problem is with settings in /etc/login.defs, I think. I've no idea why is it
used. Moreover, your installation looks very unusual, strange to me. For
example, originally spawned passwd execs another, "real" passwd from the
different location, while the latter still uses /etc/login.defs, not login.defs
from the appropriate location. I think, you should invoke passwd from the
context of the virtual server, not from the master context.
--
Sincerely Your, Dan.
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
