Re: bin/58005: passwd always errors out; cannot change passwords anymore

[Michael Cheponis <michael.cheponis%gmail.com@localhost>]

This is interesting.

# more passwd.conf 
#       $NetBSD: passwd.conf,v 1.4 2021/10/26 20:44:45 nia Exp $
#
# passwd.conf(5) -
#       password configuration file
#

default:
        localcipher = argon2id
        ypcipher = old

cat /usr/mac/SS/root/etc/passwd.conf    <--- Where the very old saved /etc is.
default:
  localcipher = sha1
  ypcipher = sha1

Do I need to change the passwd.conf so ypcipher = argon2id ?

Just to emphasize, this must have been changed by sysupdate when I went from _RC3 to _RC5

Thank you,

Mike

On Thu, Mar 7, 2024 at 2:30 AM Michael van Elst <mlelstv%serpens.de@localhost> wrote:

The following reply was made to PR bin/58005; it has been noted by GNATS.

From: mlelstv%serpens.de@localhost (Michael van Elst)
To: gnats-bugs%netbsd.org@localhost
Cc:
Subject: Re: bin/58005: passwd always errors out; cannot change passwords anymore
Date: Thu, 7 Mar 2024 10:29:11 -0000 (UTC)

 michael.cheponis%gmail.com@localhost writes:

 >4. I saved /etc so I copied into /etc a previous version of spwd.db
 >5. This allowed logging in to the machine.
 >6. passwd always fails henceforth like this:

 >Couldn't generate salt.
 >Unable to change auth token: Error in service module

 >passwd.conf:    localcipher = argon2id


 This happens when passwd.conf is bad and the "localcipher" (or
 "ypcipher" for NIS accounts) is unknown.

 Can you please check your passwd.conf file ?


 N.B. spwd.db is generated. If it gets damaaged, I'd check/recover the
 source (aka the passwd.master file) and rebuild spwd.db.