Can't login with password

Can't login with password

Post by Bill » Thu, 27 Apr 2000 04:00:00



About two weeks ago, we lost the ability to log in as any user -
including root - if a password was required.  We are using shadow
passwords.

Yesterday, I deleted the password references from passwd and shadow for
two users - root and myself, and then logged in.  The system immediately
gave me access at the appropriate levels.  I then used passwd to put a
password back for root.  As soon as I did this, I tried to log back in,
and got a "login incorrect" error message.

Any ideas as to what might cause this and how to fix it?

 
 
 

Can't login with password

Post by David Guerize » Thu, 27 Apr 2000 04:00:00


It happens to me twice in a week on two different machines.
I know it's about PAM but don't know how to fix it (so I'm also interrested
by the answer ;-)
I had to re-install RH6.1 from scratch...

Good luck

David



Quote:> About two weeks ago, we lost the ability to log in as any user -
> including root - if a password was required.  We are using shadow
> passwords.

> Yesterday, I deleted the password references from passwd and shadow for
> two users - root and myself, and then logged in.  The system immediately
> gave me access at the appropriate levels.  I then used passwd to put a
> password back for root.  As soon as I did this, I tried to log back in,
> and got a "login incorrect" error message.

> Any ideas as to what might cause this and how to fix it?


 
 
 

Can't login with password

Post by Gene Hesket » Thu, 27 Apr 2000 04:00:00


Unrot13 this;

Gene Heskett sends Greetings to Bill ;

Quote:> About two weeks ago, we lost the ability to log in as any user -
> including root - if a password was required.  We are using shadow
> passwords.
> Yesterday, I deleted the password references from passwd and shadow
> for two users - root and myself, and then logged in.  The system
> immediately gave me access at the appropriate levels.  I then used
> passwd to put a password back for root.  As soon as I did this, I
> tried to log back in, and got a "login incorrect" error message.
> Any ideas as to what might cause this and how to fix it?

You've been hacked.  The first thing you MUST do is to get it off the
net, and then, If and when you regain control, you might find that
several system utils have been changed, usually to hide the guilty.

While you could (we have) rescue the situation with about 3 floppies
full of known good system utils, finding all of the hack might take
several very determined days, and an extreme familiarity with the
previous state of the system.

If you can afford it, buy a new drive, hand the old one to the FBI for
evidence, and re-install from scratch.  This includes changing the
passwords for everybody on your net, no arguments allowed or tolerated.

Then take a look at the ipchains man pages for some guidance, and get
familiar with nmap, saint, rootkit and portsentry, which will show you
the holes in your security, and allow some sense of confidence that it
won't happen again without at least having the perps address.

Cheers, Gene
--



                        email gene underscore heskett at iolinc dot net
This messages reply content, but not any previously quoted material, is
? 2000 by Gene Heskett, all rights reserved.
--

 
 
 

1. Problem: No password-free remote 'root' login possible

Hello,

I have a problem administrating Linux-PCs via the network:

        Everytime I login as 'root' on a Linux PC (Slackware 2.2,
        kernel 1.2.13, shared libs 4.6.27), I have to enter a password
        via the net - this is not acceptable!
        I did not find a way for 'root' to bypass it ($HOME/.rhosts,
        /etc/hosts.equiv don't work!).
        It would be very helpfull to fix this problem because in our
        Linux/Sun-OS network centralized administrator machines are installed,
        from which 'root' can login on any other workstation without password
        input - just Linux currently doesn't supports it!

Thank's!


PS: Address is wrong - I know, thank you!
    I will fix it, when I have the time!!!

2. FTP server behind firewall

3. It's not bad canned meat...

4. SunOS 5.4 & CERN httpd

5. 2.3.99-pre5 and umount problem

6. Can't set root password- Password busy error -is not due to temp password file

7. gemstone

8. Scripting ssh login/don't prompt for password

9. Can't ssh login w/ password from linux

10. password prompt skipped, can't login

11. Login starts but doesn't ask password

12. Can't login if password active