From owner-freebsd-security@FreeBSD.ORG Sat Mar 19 23:27:03 2005
Date: Sat, 19 Mar 2005 23:27:03 +0000
From: "Christian S.J. Peron"
To: freebsd-hackers@FreeBSD.org
Message-ID: <20050319232703.GA53181@freefall.freebsd.org>
cc: freebsd-security@FreeBSD.org
Subject: RE: FreeBSD trusted execution system: beta testers wanted

All

Thanks for all the input. I have updated the code as per some of the
comments which came in around testing. The following changes were made:

-modify setfhash/getfhash to use the filename of the pathname portion.
This will unbreak set/getfhash if it was invoked using ./ or the
complete pathname.

-the kernel implementation of setfhash was a bad idea. It used to use
the utimes syscall.
This especially caused problems with various port or source builds on
NFS file systems exiting with EIO or various other errors. I replaced
the kernel implementation with a sysctl, and modified the setfhash
utility to use this instead.

-add additional printf's to tell people where/why things went wrong.
It should be noted that these printfs are only executed if the module
is compiled with DEBUG set. (See the Makefile).

-change Makefiles and file locations to be more consistent with the
system build practices.

NOTE: IF YOU HAVE ALREADY PATCHED YOUR KERNEL SKIP THE KERNEL
PATCH/REBUILD

cd /usr/src/sys
fetch http://www.freebsd.org/~csjp/mac/mac_vnode_mmap.1106783302.diff
patch < mac_vnode_mmap.1106783302.diff

# REBUILD YOUR KERNEL

cd /usr/src/sys/modules
mkdir /usr/src/sys/modules/mac_chkexec
cd /usr/src/sys/modules/mac_chkexec
fetch http://www.freebsd.org/~csjp/mac/Makefile

cd /usr/src/usr.sbin
fetch http://www.freebsd.org/~csjp/mac/getfhash.1111165779.shar
sh getfhash.1111165779.shar
cd getfhash
make
make install
make clean

cd /usr/src/sys/security
fetch http://www.freebsd.org/~csjp/mac/mac_chkexec.1111165827.shar
sh mac_chkexec.1111165827.shar
cd /usr/src/sys/modules/mac_chkexec
make
make install
make clean

-- 
Christian S.J. Peron
csjp@FreeBSD.ORG
FreeBSD Committer

From owner-freebsd-security@FreeBSD.ORG Sun Mar 20 14:54:56 2005
To: Michael Collette
From: Lowell Gilbert
Date: 20 Mar 2005 09:54:55 -0500
Message-ID: <44hdj6fjuo.fsf@be-well.ilk.org>
cc: FreeBSD Security
Subject: Re: LDAP and Linux compatibility

Michael Collette writes:

> Please excuse a wee bit of cross posting here. It seems that the
> questions list may not be the appropriate place for this as I've found
> a number of unanswered posts involving this topic.

On the -ports list, somebody pointed out that the linux-base ports
include advice to edit /compat/linux/etc/yp.conf (I'm using NIS).
I haven't tried this yet, but it makes sense that it would be
necessary.
For your case with LDAP, I suspect you would need to
configure nsswitch.conf, probably the same way as the FreeBSD version
in your real /etc directory.

From owner-freebsd-security@FreeBSD.ORG Sun Mar 20 21:37:44 2005
Date: Sun, 20 Mar 2005 13:37:43 -0800
From: Michael Collette
To: Lowell Gilbert
In-Reply-To: <44hdj6fjuo.fsf@be-well.ilk.org>
References: <44hdj6fjuo.fsf@be-well.ilk.org>
cc: FreeBSD Security
Subject: Re: LDAP and Linux compatibility

On 20 Mar 2005 09:54:55 -0500, Lowell Gilbert wrote:
> Michael Collette writes:
>
> > Please excuse a wee bit of cross posting here. It seems that the
> > questions list may not be the appropriate place for this as I've found
> > a number of unanswered posts involving this topic.
>
> On the -ports list, somebody pointed out that the linux-base ports
> include advice to edit /compat/linux/etc/yp.conf (I'm using NIS).
> I haven't tried this yet, but it makes sense that it would be
> necessary. For your case with LDAP, I suspect you would need to
> configure nsswitch.conf, probably the same way as the FreeBSD version
> in your real /etc directory.

The problem is, NIS is a built in feature of both FreeBSD and Linux.
Configuring FreeBSD to utilize LDAP involves at least 4 additional
ports. You need pam_ldap, nss_ldap, openldap-client, and openssl.
The 4th of course being optional but highly desirable for security
reasons.

Without this additional software neither FreeBSD nor the compat/Linux
install will do a lookup to an LDAP directory. It wouldn't know how,
as you have to properly configure both pam_ldap and nss_ldap so they
know how to query the directory.

I would think that the most desirable behavior would be to have any
Linux calls to getpwuid_r() answered by the FreeBSD libraries rather
than a direct attempt to look at the passwd database. Well, assuming
that's what is happening. It just seems redundant to have to
configure authentication for the base system, then do it again for the
Linux compatibility.

Later on,
-- 
"When you come to a fork in the road....Take it"
- Yogi Berra

From owner-freebsd-security@FreeBSD.ORG Tue Mar 22 08:25:49 2005
To: freebsd-security@freebsd.org
Message-Id: <20050322082547.7E61C1AD415D@ruxcon.org.au>
Date: Tue, 22 Mar 2005 08:25:47 +0000 (UTC)
From: cfp@ruxcon.org.au (RUXCON Call for Papers)
Subject: RUXCON 2005 Call for Papers

Call For Papers

RUXCON would like to announce the call for papers for the third annual
RUXCON conference. Breaking from the RUXCON tradition of having the
conference in winter months, this year the conference will be run
during the 1st and 2nd of October. As with previous years, RUXCON will
be held at the University of Technology, Sydney, Australia.

The deadline for submissions is the 31st of August.

What is RUXCON?

RUXCON is a conference organised by and for the computer security
community. It is an attempt to bring together the individual talents of
the security community through live presentations, activities and
demonstrations.

The conference is held over two days in a relaxed atmosphere, allowing
attendees to enjoy themselves whilst expanding their knowledge of
security.

Live presentations, activities and workshops will cover a full range of
defensive and offensive security topics, varying from unpublished
research to required reading for the public security community.

Presentation Information

Presentations are set to run for 50 minutes, and will be of a formal
nature, with slides and a speech.

Workshops are slightly shorter, between 30-40 minutes in length in a
less formal format, more of a general or introductory skill level.

Presentation Submissions

RUXCON would like to invite people who are interested in security to
submit a presentation or workshop. Topics of interest include, but are
not limited to:

* Code analysis
* Exploitation techniques
* Network scanning and analysis
* Cryptography
* Malware Analysis
* Reverse engineering
* Forensics and Anti-forensics
* Social engineering
* Web application security
* Legal aspects of computer security and surrounding issues
* Law enforcement activities
* Telecommunications security (mobile, GSM, fraud issues, etc.)

Submissions should thoroughly outline your desired presentation or
workshop subject. Accompanying your submission should be the slides you
intend to use or a detailed paper explaining your subject.

If you have any enquiries about submissions, or would like to make a
submission, please send an e-mail to presentations ruxcon org au.

The deadline for submissions is the 31st of August.

If approved we will additionally require:

* A brief personal biography (between 2-5 paragraphs in length),
  including: skill set, experience, and credentials.
* A description on your presentation or workshop (between 2-5
  paragraphs in length).

Selection Criteria

Presentation selection will be based on technical merit. Presentations
discussing new, previously undisclosed, defensive or offensive security
related material will receive first priority.

Contact Details

Presentation Submissions: presentations ruxcon org au
General Enquiries: ruxcon ruxcon org au

From owner-freebsd-security@FreeBSD.ORG Tue Mar 22 15:39:09 2005
Date: Tue, 22 Mar 2005 17:40:55 +0200
From: FreeBSD MailList
Message-ID: <1014664959.20050322174055@osk.com.ua>
To: freebsd-security@freebsd.org
Subject: PAM fails to change user password

Hi, freebsd-security.

I have FreeBSD 5.3-STABLE. When I try to change user's password (via
passwd) I receive the following:

passwd: entry inconsistent
passwd: pam_chauthtok(): error in service module
passwd: in pam_sm_chauthtok(): pw_copy() failed

and password stays unchanged.

There are no other errors in the authorization system at all.
Contents of /etc/pam.d stayed unchanged (compared to /usr/src/pam.d)

Permissions:
/etc/group 644 root:wheel
/etc/passwd 644 root:wheel
/etc/master.passwd 600 root:wheel

I have /usr/ports/security/pam_mysql installed, but this problem (as I
remember) was here from the beginning, long before I installed
pam_mysql.

Because of need I created pam.conf with some opts. But if I remove it
and reboot the problem persists.

What could go wrong?

-- 
Best regards,
Tarasov Oleg mailto:subscriber@osk.com.ua

From owner-freebsd-security@FreeBSD.ORG Wed Mar 23 09:48:51 2005
Date: Wed, 23 Mar 2005 10:48:45 +0100
From: des@des.no (Dag-Erling Smørgrav)
In-reply-to: <1014664959.20050322174055@osk.com.ua>
To: FreeBSD MailList
Message-id: <86sm2mofpe.fsf@xps.des.no>
References: <1014664959.20050322174055@osk.com.ua>
cc: freebsd-security@freebsd.org
Subject: Re: PAM fails to change user password

FreeBSD MailList writes:
> When I try to change user's password (via passwd) I receive the
> following:
>
> passwd: entry inconsistent
> passwd: pam_chauthtok(): error in service module
> passwd: in pam_sm_chauthtok(): pw_copy() failed

Do you by any chance have multiple entries for the same user in
master.passwd? If you do, use vipw(8) to remove all but one, and try
again.

DES
-- 
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-security@FreeBSD.ORG Wed Mar 23 19:25:34 2005
Date: Wed, 23 Mar 2005 11:25:19 -0800
From: Michael Collette
To: Lowell Gilbert
References: <44hdj6fjuo.fsf@be-well.ilk.org>
cc: FreeBSD Security
Subject: Re: LDAP and Linux compatibility

Well, came up with a solution as well as a new problem. Thought I'd at
least share the solution here.

In /etc/profile I'm calling a shell script called inituser.sh.
Got this running to ensure the user's basic environment is all set up.
In this script I now have it write to a file in /tmp with a line that
looks like...

bob:*:1000:1000:Bob Smith:/home/bob

I then have a symbolic link from this file to /compat/linux/etc/passwd.
With this in play, FreeBSD is properly performing an LDAP lookup, and
Linux apps have somewhere to look for a proper user id.

There are some security concerns I have with this, and it sure feels
like a nasty little hack, but it seems to work for the moment.

Now my problem has to do with linux-fontconfig. Neither acroread7 nor
reaplay will run due to complaining about fontconfig not being set up
properly. Still futzing with this one. Thankfully though, neither app
is still complaining about not being able to look up a user id.

Later on,

On Sun, 20 Mar 2005 13:37:43 -0800, Michael Collette wrote:
> On 20 Mar 2005 09:54:55 -0500, Lowell Gilbert wrote:
> > Michael Collette writes:
> >
> > > Please excuse a wee bit of cross posting here. It seems that the
> > > questions list may not be the appropriate place for this as I've found
> > > a number of unanswered posts involving this topic.
> >
> > On the -ports list, somebody pointed out that the linux-base ports
> > include advice to edit /compat/linux/etc/yp.conf (I'm using NIS).
> > I haven't tried this yet, but it makes sense that it would be
> > necessary. For your case with LDAP, I suspect you would need to
> > configure nsswitch.conf, probably the same way as the FreeBSD version
> > in your real /etc directory.
>
> The problem is, NIS is a built in feature of both FreeBSD and Linux.
> Configuring FreeBSD to utilize LDAP involves at least 4 additional
> ports. You need pam_ldap, nss_ldap, openldap-client, and openssl.
> The 4th of course being optional but highly desirable for security
> reasons.
>
> Without this additional software neither FreeBSD nor the compat/Linux
> install will do a lookup to an LDAP directory.
> It wouldn't know how,
> as you have to properly configure both pam_ldap and nss_ldap so they
> know how to query the directory.
>
> I would think that the most desirable behavior would be to have any
> Linux calls to getpwuid_r() answered by the FreeBSD libraries rather
> than a direct attempt to look at the passwd database. Well, assuming
> that's what is happening. It just seems redundant to have to
> configure authentication for the base system, then do it again for the
> Linux compatibility.
>
> Later on,
> --
> "When you come to a fork in the road....Take it"
> - Yogi Berra
>

-- 
"When you come to a fork in the road....Take it"
- Yogi Berra

From owner-freebsd-security@FreeBSD.ORG Fri Mar 25 08:08:01 2005
Date: Fri, 25 Mar 2005 10:09:48 +0200
From: Oleg Tarasov
Message-ID: <1971222958.20050325100948@osk.com.ua>
To: "Jason L. Schwab"
In-Reply-To: <2B21B68AD68D364A8B241C972772CE110A8CB6@ms08.mse3.exchange.ms>
References: <2B21B68AD68D364A8B241C972772CE110A8CB6@ms08.mse3.exchange.ms>
cc: freebsd-security@FreeBSD.org
Subject: Re: PAM fails to change user password

Hello,

Jason L. Schwab wrote:

> Tarasov Oleg;

> (as root)
> # pwd_mkdb /etc/master.passwd

> It seems that the actual database file is fine, but the plaintext
> versions think that they are corrupt, this should solve your issue.

> Then try changing the user's password, it should be successful.

> -Jason

Thanx, that was the problem. Actually I changed master.passwd by hand
and forgot to use pwd_mkdb. My mistake, a lesson to me. Sorry for
inconfidence.

-- 
Best regards,
Oleg Tarasov mailto:subscriber@osk.com.ua

From owner-freebsd-security@FreeBSD.ORG Fri Mar 25 12:49:03 2005
Date: Fri, 25 Mar 2005 07:49:02 -0500
From: "Peter C. Lai"
To: Oleg Tarasov
Message-ID: <20050325124902.GF1856@cowbert.2y.net>
References: <2B21B68AD68D364A8B241C972772CE110A8CB6@ms08.mse3.exchange.ms> <1971222958.20050325100948@osk.com.ua>
In-Reply-To: <1971222958.20050325100948@osk.com.ua>
cc: "Jason L. Schwab"
cc: freebsd-security@FreeBSD.org
Subject: Re: PAM fails to change user password

On Fri, Mar 25, 2005 at 10:09:48AM +0200, Oleg Tarasov wrote:
> Hello,
>
> Jason L. Schwab wrote:
>
> > Tarasov Oleg;
> >
> > (as root)
> > # pwd_mkdb /etc/master.passwd
>
> > It seems that the actual database file is fine, but the plaintext
> > versions think that they are corrupt, this should solve your issue.
>
> > Then try changing the user's password, it should be successful.
>
> > -Jason
>
> Thanx, that was the problem. Actually I changed master.passwd by hand
> and forgot to use pwd_mkdb. My mistake, a lesson to me. Sorry for
> inconfidence.

You CAN change master.passwd by hand, if you use vipw(8). vipw(8) will
sync the two databases for you.

>
> --
> Best regards,
> Oleg Tarasov mailto:subscriber@osk.com.ua
>
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

-- 
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology
Yale University School of Medicine
SenseLab | Research Assistant
http://cowbert.2y.net/
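
The two causes raised in the PAM thread above (more than one master.passwd entry for a user, and a hand edit that was never followed by pwd_mkdb) can be looked for offline with the checks below. This is an added example, not code from any poster: the function names and sample files are constructed, and comparing against the generated passwd file is only a proxy, since it does not read the pwd.db/spwd.db databases.

```shell
#!/bin/sh
# Added example: offline consistency checks for FreeBSD-style password files.
# master.passwd has 10 colon-separated fields:
#   name:password:uid:gid:class:change:expire:gecos:home:shell
# The passwd file generated from it has 7:
#   name:*:uid:gid:gecos:home:shell

# Print every login name that occurs more than once in master.passwd ($1).
dup_users() {
    awk -F: '!/^#/ && NF { n[$1]++ }
             END { for (u in n) if (n[u] > 1) print u }' "$1" | sort
}

# Print the line numbers in master.passwd ($1) that do not have 10 fields.
bad_lines() {
    awk -F: '!/^#/ && NF && NF != 10 { print NR }' "$1"
}

# Print login names whose uid/gid/gecos/home/shell differ between
# master.passwd ($1) and the generated passwd file ($2), or that are
# present in only one of them. Malformed lines are left to bad_lines.
drifted_users() {
    awk -F: '
        /^#/ || !NF { next }
        FNR == NR { if (NF == 10) m[$1] = $3 ":" $4 ":" $8 ":" $9 ":" $10; next }
        NF == 7   { p[$1] = $3 ":" $4 ":" $5 ":" $6 ":" $7 }
        END {
            for (u in m) if (!(u in p) || m[u] != p[u]) print u
            for (u in p) if (!(u in m)) print u
        }' "$1" "$2" | sort
}

# Constructed sample data (no real accounts or hashes).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/master.passwd" <<'EOF'
root:*:0:0::0:0:Charlie &:/root:/bin/csh
bob:*:1000:1000::0:0:Bob Smith:/home/bob:/bin/sh
alice:*:1001:1001::0:0:Alice Example:/home/alice:/bin/sh
bob:*:1000:1000::0:0:Bob Smith:/home/bob:/bin/tcsh
carol:*:1002:1002:Carol Example:/home/carol:/bin/sh
EOF

cat > "$tmp/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
bob:*:1000:1000:Bob Smith:/home/bob:/bin/sh
alice:*:1001:1001:Alice Example:/home/alice:/bin/csh
EOF

echo "duplicate names:  $(dup_users "$tmp/master.passwd" | tr '\n' ' ')"
echo "malformed lines:  $(bad_lines "$tmp/master.passwd" | tr '\n' ' ')"
echo "out of sync with passwd: $(drifted_users "$tmp/master.passwd" "$tmp/passwd" | tr '\n' ' ')"
```

On a FreeBSD host, `pwd_mkdb -C /etc/master.passwd` performs the format check natively without changing any files.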