passwd: Module is unknown 2

[cpjust]

If I add a user or try to change a password with passwd I get this error:

passwd: Module is unknown
passwd: password unchanged

I don't understand. I see this:

# which passwd
/usr/bin/passwd

The user gets added to /etc/passwd, but they can't login since their password was never set.

Are there some libraries I need to install to fix this?

I'm running Ubuntu server if that makes any difference.

 

[SamBones]

Try this to see if it's finding all of it's libraries...

ldd `which passwd`

Can you run [tt]passwd[/tt] as [tt]root[/tt]?

 

[cpjust]

Here's the output:

# ldd `which passwd`
	linux-vdso.so.1 =>  (0x00007fffbf3fe000)
	libcrypt.so.1 => /lib/libcrypt.so.1 (0x00007f98b6f14000)
	libpam.so.0 => /lib/libpam.so.0 (0x00007f98b6d0a000)
	libpam_misc.so.0 => /lib/libpam_misc.so.0 (0x00007f98b6b07000)
	libselinux.so.1 => /lib/libselinux.so.1 (0x00007f98b68eb000)
	libc.so.6 => /lib/libc.so.6 (0x00007f98b6589000)
	libdl.so.2 => /lib/libdl.so.2 (0x00007f98b6385000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f98b714c000

I wonder if something in the LDAP configuration disabled the local passwd? When I try to change my password as root I get:

Enter login(LDAP) password:

and it doesn't accept the local root password.

 

[Annihilannic]

What are the contents of your /etc/pam.d/passwd file?

Annihilannic.

 

[cpjust]

@include common-password

 

[Annihilannic]

In that case, can you also paste the contents of the @included file please?

Annihilannic.

 

[cpjust]

Sure, here's /etc/pam.d/common-password

password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password   sufficient   pam_unix.so nullok md5 shadow use_authtok
password   sufficient   pam_ldap.so use_first_pass
password   required     pam_deny.so

 

[cpjust]

BTW, I found these files:
/lib/security/pam_deny.so
/lib/security/pam_ldap.so
/lib/security/pam_unix.so

but I couldn't find pam_cracklib.so anywhere on that system.

 

[Annihilannic]

Odd... which Linux distribution is this?

On the RHEL4, RHEL5 and SLES9 distributions I've just checked pam_cracklib.so seems to be part of the pam or pam-32bit RPM packages.

As a temporary workaround you can comment out the entry referring to pam_cracklib.so; it's purpose is to make sure that passwords are sufficiently complex to avoid easy guessing by would-be intruders.

Annihilannic.

 

[cpjust]

It's Ubuntu server.

I commented out the cracklib line in common-password, but now I get this error when I try to change a password

passwd: Authentication information cannot be recovered
passwd: password unchanged

 

[Annihilannic]

Are your /etc/passwd and /etc/shadow files apparently intact?

I'd be suspicious in your circumstances. It might be worth checking for a rootkit, if there is some means by which the server could have been attacked. It's not a situation I've been in so I can't really offer more advice about that.

Annihilannic.

 

[AuditPT]

Edit the file /etc/pam.d/common-password and remove the use_authtok directive from the pam_unix.so line, as well as comment out the pam_cracklib.so line.

This will get your system working. Then you should tune it as you go.

#password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password   sufficient   pam_unix.so nullok md5 shadow #use_authtok
password   sufficient   pam_ldap.so use_first_pass
password   required     pam_deny.so

 

[cpjust]

Thanks, that worked!