Hi everybody,
I got the following feature on my BSD server:
I've got a user "dummy" that changed his password ... everything seemed to work fine but next time he tried to log in, the new password didn't work. Funny thing, the old one did.
I've now tried to change the password (via "passwd") of that user and the following happened:
there is a new hash in the master.passwd file, and the spwd.db file changed too. So I thought it worked ... but it didn't. With the next login, the new password was rejected, but the old one worked.
I looked at the user database information with "chpass dummy" and there it was, the old hash smiling back at me from the info. I tried to edit the hash directly by copying the new hash (from the master.passwd file) to the password field of "chpass" but the only thing that happened was:
... but actually, it didn't! If I immediately open the "chpass" again, there still is the old hash. Funny thing, I opened the "spwd.db" file and searched for the two hash-string ... they're both in there! In fact, also the time stamp of the file changed.
I tried another password just to see what happens but somehow, the "master.passwd" file gets a new hash, and some parts in the "spwd.db" get new hashes as well while the initial hash remains in the file too.
It's a simple setup ... at home, one server, no NIS, no LDAP, no Kerberos ...
What do I miss? Is my "spwd.db" file broken? Additionally, I get no error messages in auth.log or messages ... just the failed logins when we tried to login with the new password.
Any ideas what I'm doing wrong here?
I got the following feature on my BSD server:
I've got a user "dummy" that changed his password ... everything seemed to work fine but next time he tried to log in, the new password didn't work. Funny thing, the old one did.
I've now tried to change the password (via "passwd") of that user and the following happened:
there is a new hash in the master.passwd file, and the spwd.db file changed too. So I thought it worked ... but it didn't. With the next login, the new password was rejected, but the old one worked.
I looked at the user database information with "chpass dummy" and there it was, the old hash smiling back at me from the info. I tried to edit the hash directly by copying the new hash (from the master.passwd file) to the password field of "chpass" but the only thing that happened was:
Code:
chpass: user information updated... but actually, it didn't! If I immediately open the "chpass" again, there still is the old hash. Funny thing, I opened the "spwd.db" file and searched for the two hash-string ... they're both in there! In fact, also the time stamp of the file changed.
I tried another password just to see what happens but somehow, the "master.passwd" file gets a new hash, and some parts in the "spwd.db" get new hashes as well while the initial hash remains in the file too.
It's a simple setup ... at home, one server, no NIS, no LDAP, no Kerberos ...
What do I miss? Is my "spwd.db" file broken? Additionally, I get no error messages in auth.log or messages ... just the failed logins when we tried to login with the new password.
Any ideas what I'm doing wrong here?
