* [2008-05-24 15:07:05 +0000] Dick Gevers wrote:
>>>>Moreover: With some juggling I managed to recreate a throwaway user and
>>>>he can now login but the command passwd fails.
>>>
>>>How did you create the user?
>>
>>With 'useradd -m' I created a passwordless user (I'm still too much of a
>>newb to do it with a password -- that is: useradd -m -p .... -- and man
>>crypt is klingon to me) and then pasted the md5 password from the user's
>>backup of his old shadow into his new shadow.
>
>Now I think I did it the correct way:
>python
>>>> import crypt; print crypt.crypt("password","salt")
>...
>and pasted the output into "useradd -m -p <output> tcbtester"
>
>and the latter can login.
That would set up a crypt password I believe, not an md5 password. Not
sure what ramifications there are other than a crappy hash.
>But the passwd command used by 'tcbtester' again gives same errors as
>before (*), so I'm thinking there may be a shortcoming in the current
>tcb/pam setup somewhere.
>
>(*) passwd returning: Authentication token manipulation error
>and auth.log showing: passwd: pam_tcb(passwd:chauthtok): Unable to find
>user in the selected database
>
>Vincent, I'll wait for you until you have time to look at this to
>troubleshoot.
I'll see if I can look into this tomorrow. My testing showed this to be
working, however, with the useradd and passwd utils. You don't have a
pam.d/system-auth.rpmnew file kicking around, would you?
>For reference the auth.log error seems to be discussed only here:
>http://66.102.9.104/linux?q=cache:9_SOE--MOgIJ:www.kernel.org/pub/linux/libs/pam/pre/forgotten/oldmail.gz+pam+tcb+passwd+chauthtok+Unable+to+find+user+in+the+selected+database&hl=en&ct=clnk&cd=1
>
>but I can't find any conclusion as to what the solution is.
I don't even want to read that... comes out as one big paragraph here.
=)
--
Vincent Danen @ http://linsec.ca/
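
Added example, not part of the original thread: a small audit that classifies the password field of shadow-format lines by hash scheme, to tell a traditional DES crypt entry (what crypt() produces when given a plain salt with no "$" prefix) from an MD5 ("$1$") or newer one. The account names other than tcbtester and all hash strings are constructed placeholders, not real hashes.

```python
import re

# Scheme markers found in the second field of shadow-format lines.
SCHEMES = [
    (re.compile(r"^\$1\$"), "md5crypt"),
    (re.compile(r"^\$2[abxy]?\$"), "bcrypt"),
    (re.compile(r"^\$5\$"), "sha256crypt"),
    (re.compile(r"^\$6\$"), "sha512crypt"),
    (re.compile(r"^\$y\$"), "yescrypt"),
    # Traditional DES crypt: 2 salt chars + 11 hash chars, no "$" prefix.
    # Only the first 8 password characters contribute to this hash.
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "des-crypt"),
]
WEAK = {"des-crypt", "md5crypt", "empty"}

def classify(field):
    """Return the hash scheme name for one shadow password field."""
    if field == "":
        return "empty"        # no password set at all
    if field[0] in "!*":
        return "locked"       # login disabled, any hash after "!" is unused
    for pattern, name in SCHEMES:
        if pattern.match(field):
            return name
    return "unknown"

def audit(shadow_text):
    """Return (user, scheme, is_weak) for every entry in shadow_text."""
    findings = []
    for line in shadow_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 2 or parts[0].startswith("#"):
            continue          # skip blank, comment and malformed lines
        scheme = classify(parts[1])
        findings.append((parts[0], scheme, scheme in WEAK))
    return findings

# Constructed sample entries; the hash bodies are filler of the right length.
SAMPLE = "\n".join([
    "tcbtester:sa" + "A" * 11 + ":14023::::::",
    "olduser:$1$abcdefgh$" + "B" * 22 + ":14023::::::",
    "newuser:$6$abcdefgh$" + "C" * 86 + ":14023::::::",
    "daemon:*:14023::::::",
    "nopass::14023::::::",
])

if __name__ == "__main__":
    for user, scheme, weak in audit(SAMPLE):
        print(f"{user:10} {scheme:12} {'WEAK' if weak else 'ok'}")
```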