Subject: Re: PAM's "failed to recover old authentication token"
To: None <current-users@NetBSD.org>
From: Steven M. Bellovin <firstname.lastname@example.org>
Date: 07/12/2005 07:05:51
In message <20050712105443.GC11365@www.vecirex.net>, Hernani Marques Madeira wr
>After updating from 3.99.3 to .7 (kernel+userland) on a /i386 machine I seem
>to have lost my passwords, from both, my users and root and get the following
>msg when I try to `passwd user`:
>firestarter# passwd user
>Unable to change auth token: failed to recover old authentication token
>chsh(1) also quits with following msgs after trying to change sth there:
>chsh: /etc/master.passwd: entry inconsistent
>chsh: /etc/master.passwd: unchanged
>su(1) doesn't work either, it quits with:
>firestarter# su user
>su: unknown login su
>Are these problems, that are related to PAM, known to someone, even on this
>particular version perhaps? Or should I investigate deeper?
>Probably there are even solved, although some PR related to PAM is still
>It may also have to do with etcupdate(1) that updated too much/less.
>After creating a new user, however, anything goes well with that one, also
>su'ing to him, chsh'ing with him.
>I am primarily interested in why that happened, because the occurence
>of such inconsistencies are not known by me from updates done by me before
The first thing I'd check is that those commands are properly setuid.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb