NetBSD-Bugs archive
Re: bin/58005: passwd always errors out; cannot change passwords anymore
The following reply was made to PR bin/58005; it has been noted by GNATS.
From: Michael Cheponis <michael.cheponis%gmail.com@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
Subject: Re: bin/58005: passwd always errors out; cannot change passwords anymore
Date: Fri, 8 Mar 2024 11:37:56 -0800
My only guess would be, then: is my /etc/passwd.conf somehow getting
bypassed or not seen?
# ll pass*
-rw-r--r-- 1 root wheel 1629 Mar 4 06:59 passwd
-rw-r--r-- 1 root wheel 162 Jan 16 08:28 passwd.conf
# ll pwd.db
-rw-r--r-- 1 root wheel 40960 Mar 4 06:59 pwd.db
# ll spwd.db
-rw------- 1 root wheel 40960 Mar 4 07:02 spwd.db
I changed passwd.conf to the old, original passwd.conf (using sha1).
passwd reported:
# passwd root
Unable to update password entry: /etc/master.passwd: entry root inconsistent gecos
Unable to change auth token: Error in service module
( I didn't accept all changes, in fact, getting the password stuff was
where I was most careful. I ultimately said leave it alone, I'll manually
fix it - which I did post-upgrade.
Since it was manually done, sure, there's a good possibility of phat
fingering something. )
Do you have any suggestions as to how to fix this?
Thank you,
Mike Cheponis
On Fri, Mar 8, 2024 at 2:40 AM Michael van Elst <mlelstv%serpens.de@localhost> wrote:
> The following reply was made to PR bin/58005; it has been noted by GNATS.
>
> From: mlelstv%serpens.de@localhost (Michael van Elst)
> To: gnats-bugs%netbsd.org@localhost
> Cc:
> Subject: Re: bin/58005: passwd always errors out; cannot change passwords anymore
> Date: Fri, 8 Mar 2024 10:35:42 -0000 (UTC)
>
> michael.cheponis%gmail.com@localhost (Michael Cheponis) writes:
>
> >default:
> >        localcipher = argon2id
> >        ypcipher = old
>
>
> >cat /usr/mac/SS/root/etc/passwd.conf    <--- Where the very old saved /etc
> >is.
> >default:
> >  localcipher = sha1
> >  ypcipher = sha1
>
>
> >Do I need to change the passwd.conf so ypcipher = argon2id ?
>
> That depends on what you want to get.
>
> ypcipher is used for NIS, and for compatibility with ancient
> systems that still use NIS, this is configured as "old", meaning
> the traditional DES encryption without tagging.
>
> In any case, neither would have caused the reported error. The
> pw_gensalt() function that failed supports:
>
> static const struct pw_salt {
>         const char *name;
>         int (*gensalt)(char *, size_t, const char *);
> } salts[] = {
>         { "old", __gensalt_old },
>         { "new", __gensalt_new },
>         { "newsalt", __gensalt_new },
>         { "md5", __gensalt_md5 },
>         { "sha1", __gensalt_sha1 },
>         { "blowfish", __gensalt_blowfish },
> #ifdef HAVE_ARGON2
>         /* argon2 default to argon2id */
>         { "argon2", __gensalt_argon2id},
>         { "argon2id", __gensalt_argon2id},
>         { "argon2i", __gensalt_argon2i},
>         { "argon2d", __gensalt_argon2d},
> #endif /* HAVE_ARGON2 */
>         { NULL, NULL }
> };
>
> If the configured salt method doesn't match anything, you get
> exactly the reported error.
>
>
> >Just to emphasize, this must have been changed by sysupdate when I went
> >from _RC3 to _RC5
>
> If the update changed such things, you must have either unpacked the
> etc.tgz set directly, or run etcupdate and accept the corresponding
> (or all) changes.
>
> But again, the reported passwd.conf content doesn't produce that
> error. "argon2id", "old" and "sha1" are all known salt methods.
>
>
>
>
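The name lookup described in the quoted reply, as an added example (not code from NetBSD or from either poster): it checks the `localcipher` and `ypcipher` values of a passwd.conf-style text against the method names in the quoted `salts[]` table. Assumptions: `check_conf` and `method_known` are hypothetical helpers, names are compared exactly and case-sensitively, anything after a `,` in a value is treated as an option and ignored, and the `have_argon2` flag stands in for a library built with or without `HAVE_ARGON2`.

```c
#include <stdio.h>
#include <string.h>

/* Method names copied from the salts[] table quoted in the message above. */
static const char *const BASE[] = { "old", "new", "newsalt", "md5", "sha1", "blowfish", NULL };
static const char *const ARGON2[] = { "argon2", "argon2id", "argon2i", "argon2d", NULL };

/* Constructed samples: the two passwd.conf bodies quoted above, plus a typo. */
const char CONF_CURRENT[] = "default:\n\tlocalcipher = argon2id\n\typcipher = old\n";
const char CONF_SAVED[]   = "default:\n  localcipher = sha1\n  ypcipher = sha1\n";
const char CONF_TYPO[]    = "default:\n\tlocalcipher = argon2-id\n\typcipher = old\n";

static int in_list(const char *const *list, const char *name) {
    for (; *list != NULL; list++)
        if (strcmp(*list, name) == 0)   /* assumption: exact, case-sensitive match */
            return 1;
    return 0;
}

/* have_argon2 models whether the library was built with HAVE_ARGON2. */
int method_known(const char *name, int have_argon2) {
    return in_list(BASE, name) || (have_argon2 && in_list(ARGON2, name));
}

/* Hypothetical checker: returns how many localcipher/ypcipher values name no
 * known method, or -1 if the text sets neither key. */
int check_conf(const char *text, int have_argon2) {
    char line[256], key[64], val[128];
    int seen = 0, bad = 0;
    while (*text != '\0') {
        size_t n = strcspn(text, "\n");
        snprintf(line, sizeof line, "%.*s", (int)n, text);
        text += n + (text[n] == '\n');
        /* "key = value"; an option after ',' (assumed syntax) is dropped. */
        if (sscanf(line, " %63[^ \t=] = %127[^ \t,#]", key, val) != 2)
            continue;
        if (strcmp(key, "localcipher") != 0 && strcmp(key, "ypcipher") != 0)
            continue;
        seen++;
        if (!method_known(val, have_argon2))
            bad++;
    }
    return seen ? bad : -1;
}

int main(void) {
    printf("current=%d saved=%d typo=%d current-without-argon2=%d\n",
        check_conf(CONF_CURRENT, 1), check_conf(CONF_SAVED, 1),
        check_conf(CONF_TYPO, 1), check_conf(CONF_CURRENT, 0));
    return 0;
}
```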