Ubuntu
pam package

passwd refuses to set password for users without entry in /etc/shadow

Bug #203881 reported by Alexander Sack
6
Affects Status Importance Assigned to Milestone
pam (Ubuntu)
Confirmed
Wishlist
Unassigned

Bug Description

steps to reproduce in hardy beta (preview):

1. setup NEWUSER by hand in /etc/passwd and if applicable add a new group in /etc/group
2. run passwd NEWUSER

expected behavior
============

passwd will ask you for a new password

actual result
========

it refuses to set the password. the message on the console is:

$ sudo passwd NEWUSER
passwd: Authentication service cannot retrieve authentication info
passwd: password unchanged

workaround
========

duplicate some random user in /etc/shadow and rename its userid to NEWUSER; after that passwd will ask for a new password and set it accordingly.

See original description
Revision history for this message
Alexander Sack (asac) wrote :

i am milestoning as this appears to be a regression in a base linux feature. (at least i cannot remember that it ever not worked). Feel free to bump milestone to :later if you think this is not worth fixing for hardy.

Thanks,
  - Alexander

Changed in shadow:
importance: Undecided → Medium
milestone: none → ubuntu-8.04
status: New → Confirmed
description: updated
Revision history for this message
Steve Langasek (vorlon) wrote :

What is the value of the password field within /etc/passwd? A value of "x" tells pam_unix that it should look in /etc/shadow; I don't think this is a regression.

Colin Watson (cjwatson)
Changed in shadow:
status: Confirmed → Incomplete
Steve Langasek (vorlon)
Changed in shadow:
milestone: ubuntu-8.04 → none
Revision history for this message
Jonathan Thomas (echidnaman) wrote :

We are closing this bug report because it lacks the information we need to investigate the problem, as described in the previous comments. Please reopen it if you can give us the missing information, and don't hesitate to submit bug reports in the future. To reopen the bug report you can click on the current status, under the Status column, and change the Status back to "New". Thanks again!

Changed in shadow:
status: Incomplete → Invalid
Revision history for this message
Tomas Pospisek (tpo-deb) wrote :

Steve Langasek wrote on 2008-03-26:

> What is the value of the password field within /etc/passwd? A value of "x" tells pam_unix that it should look in
> /etc/shadow; I don't think this is a regression.

In my case there indeed was an 'x'. But the user was missing in /etc/shadow.

I guess the error reply from pam_unix is too hard to parse for mortal humans. I myself did not understand where the problem was, when I read the error message.

The problem in my case was that I was renaming a user manually and forgot to change it correctly in /etc/shadow. Thus there was a user entry in /etc/passwd but not in /etc/shadow.

I'd expect pam_unix to tell me: "There's no user $USER in /etc/shadow"

I'd say this report is rather a request for improvement of the error reporting by pam_unix.

Changed in shadow:
status: Invalid → New
Revision history for this message
Steve Langasek (vorlon) wrote :

I think I disagree that pam_unix bears responsibility for providing more detailed error messages, I think it's preferable that PAM modules communicate primarily via the error codes since that's all the user will ever see with some applications. But it's a valid request anyway, so reassigning to pam and leaving it open for further consideration.

Changed in shadow:
importance: Medium → Wishlist
status: New → Confirmed
Revision history for this message
Brian J. Murrell (brian-interlinx) wrote :

I agree with Tomas. Some meaningful message, in /var/log/auth at least would be very helpful. In general, not just with pam_unix.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.