[rhn-users] Kickstarted server does not use shadow passwords?

Mertens, Bram mertensb at mazdaeur.com
Thu May 8 07:43:10 UTC 2008 

> 


Mazda Motor Logistics Europe NV, Blaasveldstraat 162, B-2830 Willebroek
VAT BE 406.024.281, RPR Mechelen, ING  310-0092504-52, IBAN : BE64 3100 0925 0452, SWIFT : BBRUBEBB

-----Original Message-----
> From: rhn-users-bounces at redhat.com 
> [mailto:rhn-users-bounces at redhat.com] On Behalf Of Mark Watts
> Sent: woensdag 7 mei 2008 16:31
> To: rhn-users at redhat.com
> Subject: Re: [rhn-users] Kickstarted server does not use 
> shadow passwords?
> 
> 
> On Wednesday 07 May 2008 15:01:49 Mertens, Bram wrote:
> > Hi
> >
> > We recently started using RHN with a local satellite server.  After
> > kickstarting several servers we discovered each time that 
> we could not
> > change root's password from the one specified in the 
> kickstart profile.
> >
> > We always get the error: "passwd: User not known to the underlying
> > authentication module".
> >
> > We nos discovered that the system is not using shadow passwords and
> > running pwconv solves the problem.
> >
> > Is there a way to enable shadow passwords in a kickstart 
> profile?  Or do
> > we have to run pwconv from the %post section in each profile?
> 
> Under The "Advanced Options" tab for the Kickstart profile, I 
> have the "auth" 
> box checked with the following options:
> 
> 	--enablemd5 --enableshadow
> 
> I assume this is missing in yours, although its set as 
> standard when you 
> create a kickstart profile (at least on 5.0.1)

These options are present in all kickstart profiles but I checked
another server we kickstarted with this profile and it has no
/etc/shadow.

However we are able to change the root password untill we add the
pam_ldap or pam_radius modules to the pam stack.

After this changing the root password results in the "passwd: User not
known to the underlying authentication module" message.

Before running pwconv most system users (like ftp) have '*' in the
password field while others (like rpm) have '!!'.  The root password is
encrypted in the /etc/passwd file at this time.

After running pwconv the /etc/shadow is created and the password field
is set to 'x' for all users (as expected).  Changing the root password
works again after this change.

Is this an issue with the pam_ldap and pam_radius modules?  Or does the
fact that no /etc/shadow exists after kickstarting the server indicate
that the '--enablemd5 --enableshadow' options are ignored?

Kind regards

Bram

More information about the rhn-users mailing list