Strange authentication problem in Sol 9 04/04 (SPARC) patched

From: Stanley Laufer (slaufer@slis.sjsu.edu)
Date: Sun Jan 30 2005 - 12:04:46 EST


Hi all,

Thanks in advance for any replies.

Strange authentication issue on one of our Solaris 9 machines
that suddenly appeared last Friday.

We are using /etc/passwd + shadowing for authentication.

Suddenly, authentication on a handful of accounts is failing, although
the password for those accounts has not been changed, and we do not
have any type of password expiration set on any of our accounts.

I have verified that the problematic accounts do not have any type of
expiration set by using 'passwd -s' while root. And in general we
do not use password expiration on any of the accounts on the machine
in question.

The temporary fix appears to be to reset the password on the problematic
accounts, however I feel a pressing need to isolate the actual cause
in order to prevent it from happening again.

I've installed all relevant patches for Solaris 9, including the
most recent PAM patch.

There are about 956 user accounts on this machine, with UIDs as high
as 24000.

Does anyone know if there are any known problems in Solaris 9 when
using high UIDs?

I've already used pwck to verify /etc/passwd is clean.

I'm trying to think of other factors that could cause PAM to freak
out. Any ideas?

Note that the problem is only occurring on a handful of the 956
user accounts. The vast majority of other users are not experiencing
any problems whatsoever. However, there does not appear to be any
rhyme or reason to those accounts that have been impacted. Some are
low UID, some are high UID.

One of the symptoms of the problem is that when I try and use
/bin/su as a non-root user to switch to one of the problematic
user accounts, su returns a segmentation fault. However, when
as root I try to su over to the problematic account, no problem.

And yes, before you ask, I've already checked that /bin/su and
/usr/bin/su are still Set UID.

I've tried using 'truss', however you cannot truss an SUID program,
so I've been unable to truss su in order to isolate where the
problem is occurring.

Does anyone have any other suggestions as to how I can go about isolating
what is causing the authentication problem?

I would suspect that the issue is originating in PAM, but I haven't
been able to figure out how to troubleshoot PAM in a more in-depth
way.

Stanley E. Laufer
Network Administrator
School of Library and Information Science
San Jose State University
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
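
A structural cross-check of the passwd and shadow files, complementing the pwck run on /etc/passwd and the 'passwd -s' aging check described in the post; this is an added example, not part of the original message, and it does not identify the cause of the su segmentation fault. The function name check_auth_files and the finding labels are hypothetical, and it assumes the 7-field passwd and 9-field Solaris shadow layouts and that it is run as root on copies of the files.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check a passwd file
# against its shadow file and print one finding per line.
# Usage: check_auth_files /path/to/passwd.copy /path/to/shadow.copy
check_auth_files() {
    passwd_file=$1
    shadow_file=$2
    awk -F: -v shadow="$shadow_file" '
        # The shadow file is read first so passwd entries can be matched to it.
        FILENAME == shadow {
            if ($0 == "") { print "BLANK_LINE shadow:" FNR; next }
            # Solaris shadow: name:pw:lastchg:min:max:warn:inactive:expire:flag
            if (NF != 9) print "BAD_FIELDS shadow:" FNR " " $1 " fields=" NF
            if (seen_s[$1]++) print "DUP_SHADOW " $1
            # max (field 5) or expire (field 8) set means aging is in effect
            if ($5 != "" || $8 != "") print "AGING_SET " $1
            # Solaris marks a locked account with *LK* in the password field
            if ($2 ~ /^\*LK\*/) print "LOCKED " $1
            next
        }
        {
            if ($0 == "") { print "BLANK_LINE passwd:" FNR; next }
            if (NF != 7) print "BAD_FIELDS passwd:" FNR " " $1 " fields=" NF
            if (seen_p[$1]++) print "DUP_PASSWD " $1
            if (!($1 in seen_s)) print "NO_SHADOW " $1
        }
        END {
            # Shadow entries left behind with no passwd entry
            for (u in seen_s) if (!(u in seen_p)) print "NO_PASSWD " u
        }
    ' "$shadow_file" "$passwd_file"
}
```

No output means both files are structurally consistent; any line names the account and the kind of inconsistency to inspect by hand.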


