From owner-freebsd-questions@FreeBSD.ORG Wed Jun 1 06:41:32 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 190EF16A41C for ; Wed, 1 Jun 2005 06:41:32 +0000 (GMT) (envelope-from mail@myunix.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.177]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7876D43D4C for ; Wed, 1 Jun 2005 06:41:31 +0000 (GMT) (envelope-from mail@myunix.net) Received: from p5497E6D7.dip.t-dialin.net [84.151.230.215] (helo=[192.168.123.5]) by mrelayeu.kundenserver.de with ESMTP (Nemesis), id 0ML21M-1DdMuv2N65-0003JM; Wed, 01 Jun 2005 08:41:29 +0200 Message-ID: <429D5898.9020603@myunix.net> Date: Wed, 01 Jun 2005 08:41:28 +0200 From: Christian Tischler User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041217 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Bill Moran References: <200505311523.j4VFNuSl018397@clunix.cl.msu.edu> <429CD45E.302@myunix.net> <20050531173019.09ed95f3.wmoran@potentialtech.com> In-Reply-To: <20050531173019.09ed95f3.wmoran@potentialtech.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Provags-ID: kundenserver.de abuse@kundenserver.de login:f535121c9cfa857f5d09ee37b87180a6 Cc: freebsd-questions@freebsd.org Subject: Re: FreeBSD 5.x forgetting passwords. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Jun 2005 06:41:32 -0000 Bill Moran wrote: >Christian Tischler wrote: > > > >>Jerry McAllister wrote: >> >> >> >>>>Eugene M. Minkovskii wrote: >>>> >>>> >>>> >>>>>On Mon, May 30, 2005 at 03:53:29PM +0200, Christian Tischler wrote: >>>>>" Eugene M. Minkovskii wrote: >>>>>" >>>>>" >On Sun, May 29, 2005 at 10:55:41PM +0200, Christian Tischler wrote: >>>>>" >" Hi, >>>>>" >" I am running a FreeBSD 5.1 system and some time ago it startet to >>>>>" >" "forget" some user passwords. >>>>>" >" As the system is now running for over 2 years I cannot imagine any >>>>>" >" reason why this shound be. >>>>>" >" Any ideas. >>>>>" > >>>>>" >root# su user >>>>>" >user$ passwd >>>>>" >newpasswd >>>>>" >newpasswd >>>>>" >user$ exit >>>>>" > >>>>>" > >>>>>" > >>>>>" >" Thanks in advance >>>>>" >" >>>>>" >" Christian >>>>>" >" _______________________________________________ >>>>>" >" freebsd-questions@freebsd.org mailing list >>>>>" >" http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>>>>" >" To unsubscribe, send any mail to >>>>>" >"freebsd-questions-unsubscribe@freebsd.org" >>>>>" > >>>>>" > >>>>>" > >>>>>" And how do I do it from remote via ssh? >>>>>" >>>>> >>>>>you$ sudo su user >>>>> >>>>>or, if you in group wheel, perhaps possible following >>>>> >>>>>you$ su user >>>>> >>>>>if you are not sudoer and you have not other way to take a root >>>>>privilegies, you can't be other user. And this is right. In other >>>>>case anybody can be anybody. >>>>> >>>>>" thx >>>>>" >>>>>" Christian >>>>>" >>>>>" PS: that was not quite an answer to my question I think, was it? >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>Sorry for the confusion. But the problem is that the server forgets the >>>>password of the user (in wheel) I want to log in with from remote. >>>>The question was not how to become root or any other user to change the >>>>password. The question was why the box forgets the passwords in the >>>>first place, and how to stop this. >>>> >>>> >>>> >>>> >>>You may have to give more information. >>>I have never seen a system "forget" a password unless someone or something >>>intervened and specifically changed them. Or, is it possible that you >>>put an expiration on the passwords? By default, I believe FreeBSD >>>sets that at infinite, but you or someone might have changed that while >>>tinkering around. >>> >>>////jerry >>> >>> >>> >>> >>> >>thx for the answer. >>I gave you all the info there is. >>The system is now running since the release of 5.1 (2 years?) and this >>"password forgetting thing" startet about one month or so ago. I am >>quite sure that I did not tinker around with the config. >>But I will take a look at the expiration time just to check. >> >> > >If you're _sure_ that nobody authorized has changed the password, then >there are two very scare things possible: >1) Someone has cracked your system and is trying to keep you out by > changing your password. >2) Your disk is failing and has corrupted your password file. > >Considering how old 5.1 is, and how many security issues have been >discovered since 5.1, I would place a high probability on #1. > >No guarantees, though. But I would definately consider and investigate >those two possibilities if I were you. > > > 1) that is what I thought first, too. But the root password and the password for another account never changed. 2) this consideration also came to me. that is the reason why the system is going to be "upgraded" to raid 5 and a new 5.x. But as my time is very limited I first tried to fix that problem to keep the machine up and running until I have more time. The fact that 5.1 is old does not matter so much in terms of security, as only ssh and some high ports for a crypted vpn are open to the net, and the box is behind a firewall/nat/router thing. thx for your reply christian