Subject: Re: PAM's "failed to recover old authentication token"
To: None <current-users@NetBSD.org>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: current-users
Date: 07/12/2005 07:05:51
In message <20050712105443.GC11365@www.vecirex.net>, Hernani Marques Madeira writes:
>Hello.
>
>After updating from 3.99.3 to .7 (kernel+userland) on a /i386 machine I seem 
>to have lost my passwords, from both, my users and root and get the following
>msg when I try to `passwd user`:
>
>[snip]
>firestarter# passwd user
>Unable to change auth token: failed to recover old authentication token
>[/snip]
>
>chsh(1) also quits with following msgs after trying to change sth there:
>[snip]
>chsh: /etc/master.passwd: entry inconsistent
>chsh: /etc/master.passwd: unchanged
>[/snip]
>
>su(1) doesn't work either, it quits with:
>[snip]
>firestarter# su user
>su: unknown login su
>[/snip]
>
>Are these problems, that are related to PAM, known to someone, even on this 
>particular version perhaps? Or should I investigate deeper?
>
>Probably they are even solved, although some PR related to PAM is still
>pending.
>
>It may also have to do with etcupdate(1) that updated too much/less.
>
>After creating a new user, however, anything goes well with that one, also
>su'ing to him, chsh'ing with him.
>I am primarily interested in why that happened, because the occurrence
>of such inconsistencies is not known by me from updates done by me before
>that one.
>
>Suggestions?
>

The first thing I'd check is that those commands are properly setuid.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
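
The check suggested in the reply above, as an added example that is not part of the original message: a portable sh script that reports whether the commands named in the thread carry the setuid bit and the expected owner. The function names and the default owner uid of 0 are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify that programs are setuid and owned by the expected uid.
# Usage (command names taken from the thread): sh check-setuid.sh passwd chsh su

# is_setuid FILE [UID]: succeeds only if FILE is a regular file that has the
# setuid bit set and is owned by UID (assumed default: 0, i.e. root).
is_setuid() {
    file=$1
    uid=${2:-0}
    [ -f "$file" ] || return 1
    # find prints the path only when every predicate matches.
    [ -n "$(find "$file" -prune -type f -perm -4000 -user "$uid" 2>/dev/null)" ]
}

# audit_setuid CMD...: resolve each command through PATH and report its state.
# Returns non-zero if any command is missing or not setuid root.
audit_setuid() {
    rc=0
    for cmd in "$@"; do
        bin=$(command -v "$cmd" 2>/dev/null) || bin=
        case $bin in
            /*) ;;
            *)  echo "MISSING  $cmd (no executable found in PATH)"
                rc=1
                continue ;;
        esac
        if is_setuid "$bin"; then
            echo "OK       $bin"
        else
            # Show numeric owner and mode so the deviation is visible.
            echo "NOT-SUID $bin: $(ls -ln "$bin")"
            rc=1
        fi
    done
    return $rc
}

# Run the audit only when command names are given on the command line.
if [ "$#" -gt 0 ]; then
    audit_setuid "$@"
fi
```
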