new NetBSD user dummy questions - change root password problem
Supernobby
thanks for still maintaining the NetBSD/amiga port. I am happy to use it if
possible.
I just got NetBSD/amiga installed on my A4000D with Cyberstorm MK2, Merlin,
X-Surf. Installation did work ok, I could get installation sets via ftp.
But this was not so easy, as the installation guide has not so many details on
that (like what is login data, path on the server, ...). But I could find
required info at other places.
Ok, I can boot now NetBSD by selecting the root partition in the early start
menu of the AMIGA.
In the meantime I managed to get bash installed, which helps a lot.
May I start with the first issue I have now. If it is solved somehow, we can
go on :-).
1) as suggested, I want to change root password. But this fails with the
error:
#####################
Couldn't get salt.
Unable to change auth token: error in service module
#####################
Does somebody can help? I can also try to provide more details on that, if
required.
Thanks in advance!
Andreas
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-...@muc.de
Radek Kujawa
> Does somebody can help? I can also try to provide more details on that, if
> required.
>
Could you provide contents of your /etc/passwd.conf file?
Could you try hashing password using pwhash command? i.e.:
pwhash foobar
It should print encoded password.
What version of NetBSD are you using? What CPU does your Cyberstorm have?
Best regards
Radek
Andreas Barth
thanks for your answer.
Yes, I forgot to mention:
I installed NetBSD 4.0.1 and I have a 68060 CPU.
Yes, I use passwd command.
The passwd file is the default one. I don't know yet how I can manage to post it here, as my NetBSD system is still very basic with no e-mail or other luxury. Just one single console.
I tried pwhash <some string>, and it will print encrypted data.
Can I as workaround use vipw command to inset this string in passwd file without locking me out off the system?
But to get passwd command working would be better, if possible.
Bye,
Andreas
-------- Original-Nachricht --------
> Datum: Sun, 01 Mar 2009 17:21:53 +0100
> Von: Radek Kujawa <radosla...@c0ff33.net>
> An: Supernobby <super...@gmx.net>
> CC: port-...@netbsd.org
> Betreff: Re: new NetBSD user dummy questions - change root password problem
> Supernobby wrote:
> > Does somebody can help? I can also try to provide more details on that,
> if
> > required.
> >
> This looks very weird... Are you using passwd command?
>
> Could you provide contents of your /etc/passwd.conf file?
>
> Could you try hashing password using pwhash command? i.e.:
> pwhash foobar
> It should print encoded password.
>
> What version of NetBSD are you using? What CPU does your Cyberstorm have?
>
> Best regards
> Radek
--
Psssst! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger01
Radek Kujawa
> The passwd file is the default one. I don't know yet how I can manage to post it here, as my NetBSD system is still very basic with no e-mail or other luxury. Just one single console.
>
describes the configuration of password cipher. Particurarly interesting
is localcipher stanza. For some reason passwd fails to encrypt password
using whatever localcipher is set on your system.
Also, this file is unrelated to /etc/master.passwd and /etc/passwd files
which contains users definitions, encrypted passwords and stuff like that.
Following command will return configured cipher for local passwords:
cat /etc/passwd.conf | grep localcipher
> I tried pwhash <some string>, and it will print encrypted data.
>
Hmmm. So at least password generation stuff it working. Can you try
using passwd command like that:
passwd -d files someuser
By default passwd uses pam_passwd module, but using -d files flag will
skip pam_passwd, and write directly to /etc/master.passwd. So it will
work if problem lies in pam_passwd.
> Can I as workaround use vipw command to inset this string in passwd file without locking me out off the system?
>
Yes, as pwhash and passwd uses same mechanism to generate password.
However I suggest experimenting with non-root account first ;).
Radek
Supernobby
the file /etc/passwd.conf only contains comments (all lines start with '#').
So I guess some default cipher is in use. Do you know what is the default?
The file is prepared for "md5":
#default:
# localcipher = md5
# ypcipher = old
But md5 seems not the default. Because when I uncomment this and use md5,
pwhash gives different output. And passwd command will also not work.
If I use passwd -d files the error is a bit different:
###################
passwd: Couldn't generate salt: Invalid argument
passwd: /etc/master.passwd: unchanged
###################
Is there some tool not installed or missing?!?
Again, if I just use passwd command, I get:
###################
Couldn't get salt.
Unable to change auth token: error in service module
###################
I also did the test with pwhash and used vipw to insert this output in passwd
file. And this worked. The username I used can now login only with password.
I also managed to install the BFFS filesystem on AMIGA side. So here is the
current /etc/passwd:
#########################
root:*:0:0:Charlie &:/root:/bin/bash
toor:*:0:0:Bourne-again Superuser:/root:/bin/sh
daemon:*:1:1:The devil himself:/:/sbin/nologin
operator:*:2:5:System &:/usr/guest/operator:/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/sbin/nologin
games:*:7:13:& pseudo-user:/usr/games:/sbin/nologin
postfix:*:12:12:& pseudo-user:/var/spool/postfix:/sbin/nologin
named:*:14:14:& pseudo-user:/var/chroot/named:/sbin/nologin
ntpd:*:15:15:& pseudo-user:/var/chroot/ntpd:/sbin/nologin
sshd:*:16:16:& pseudo-user:/var/chroot/sshd:/sbin/nologin
_pflogd:*:18:18:& pseudo-user:/var/chroot/pflogd:/sbin/nologin
_rwhod:*:19:19:& pseudo-user:/var/rwho:/sbin/nologin
_proxy:*:21:21:Proxy Services:/nonexistent:/sbin/nologin
_sdpd:*:23:23:& pseudo-user:/nonexistent:/sbin/nologin
uucp:*:66:1:UNIX-to-UNIX Copy:/nonexistent:/sbin/nologin
nobody:*:32767:39:Unprivileged user:/nonexistent:/sbin/nologin
nobby:*:1000:100::/home/nobby:/bin/bash
#########################
Thanks very much for your efforts!
Bye,
Andreas
Am Montag, 2. März 2009 schrieben Sie:
Radek Kujawa
> the file /etc/passwd.conf only contains comments (all lines start with '#').
>
> So I guess some default cipher is in use. Do you know what is the default?
>
> And passwd command will also not work.
>
somehow. Please try running quick test program I just wrote:
http://c0ff33.net/gensalt_test.c
Put this file onto your NetBSD parition, then compile and run:
# cc -lutil -lcrypt -o gensalt_test ./gensalt_test.c
# ./gensalt_test
Try running this program from root account, and from unprivileged
account, but change your current root password into something bogus (as
it prints encoded current password if ran from root). Paste outputs from
this program here. It should look somewhat like this:
http://c0ff33.net/gensalt_test.txt
Regards
Supernobby
Your guess was correct.
Here the output of your test program:
###########################
current pass for root (uid 0):
--------------- trying with pw_getpwconf --------------
localcipher:
key:
pw_gensalt returned: -1
salt:
crypted foobar: ..Tgnr41TuFZA
--------------- trying with pw_getconf --------------
localcipher: old
key: old
pw_gensalt returned: 0
salt: Jt
crypted foobar: Jt46rjnTMybIU
###########################
This is run as root. If I run this as normal usr, it gives same output for the
relevant lines in pw_getpwconf section.
Is there somewhere a good documentation for pw_getpwconf() function, where I
could read about what could go wrong?
But maybe you know? Thank you very much.
Bye,
Andreas
Am Mittwoch, 4. März 2009 schrieben Sie:
> Supernobby wrote:
> > the file /etc/passwd.conf only contains comments (all lines start with
> > '#').
>
> That's fine.
>
> > So I guess some default cipher is in use. Do you know what is the
> > default?
>
> AFAIR default localcipher and ypcipher is "old" (original crypt(3)).
>
> > And passwd command will also not work.
>
> I suspect that pw_getpwconf or pw_gensalt system functions are failing
> somehow. Please try running quick test program I just wrote:
> http://c0ff33.net/gensalt_test.c
>
> Put this file onto your NetBSD parition, then compile and run:
>
> # cc -lutil -lcrypt -o gensalt_test ./gensalt_test.c
> # ./gensalt_test
>
> Try running this program from root account, and from unprivileged
> account, but change your current root password into something bogus (as
> it prints encoded current password if ran from root). Paste outputs from
> this program here. It should look somewhat like this:
> http://c0ff33.net/gensalt_test.txt
>
> Regards
> Radek
--
Radek Kujawa
> current pass for root (uid 0):
>
should print encoded current password, and for other users "*".
> --------------- trying with pw_getpwconf --------------
> localcipher:
> key:
> pw_gensalt returned: -1
> salt:
> crypted foobar: ..Tgnr41TuFZA
> --------------- trying with pw_getconf --------------
> localcipher: old
> key: old
> pw_gensalt returned: 0
> salt: Jt
> crypted foobar: Jt46rjnTMybIU
> ###########################
> This is run as root. If I run this as normal usr, it gives same output for the
> relevant lines in pw_getpwconf section.
>
> Is there somewhere a good documentation for pw_getpwconf() function, where I
> could read about what could go wrong?
>
for pw_getpwconf. Basically, pw_getpwconf tries to determine what cipher
should be used, depending on various account related informations.
In case you're interested, these functions are implemented in following
source file:
src/lib/libutil/passwd.c
( http://opengrok.netbsd.org/source/xref/lib/libutil/passwd.c )
> But maybe you know?
Not really, NetBSD devs should look into it. This is almost certainly a
bug.
Please submit problem report using send-pr utility, or web interface:
http://www.netbsd.org/cgi-bin/sendpr.cgi?gndb=netbsd
Don't forget to attach results of our research.
Regards
Radek
Supernobby
root user still did not have any password installed.
When I run this as normal user, it printed a '*'.
But ok. If I look at the source of pw_getpwconf() I conclude, that the
function has a problem if the "key" for pw_getconf() can not be found in
the /etc/passwd.conf file. pw_getpwconf() will not return the config
for "default" as the last resort.
So I tried to add the key "root" in /etc/passwd.conf. And suddenly, I can use
passwd command to change password for root.
Yes, somehow this is a bug. But I can not imagine, that this should be a
general bug. It is so obvious and easy to observe and should be known
already, if it would be so general.
If you run NetBSD/amiga, can you reproduce this on your machine with NetBSD
4.0.1 on 68060 CPU and an empty passwd.conf file?
Bye,
Andreas
Am Samstag, 7. März 2009 schrieben Sie:
> Supernobby wrote:
> > current pass for root (uid 0):
>
> Was this empty, or did you erase output before sending mail? For root it
> should print encoded current password, and for other users "*".
>
> > --------------- trying with pw_getpwconf --------------
> > localcipher:
> > key:
> > pw_gensalt returned: -1
> > salt:
> > crypted foobar: ..Tgnr41TuFZA
> > --------------- trying with pw_getconf --------------
> > localcipher: old
> > key: old
> > pw_gensalt returned: 0
> > salt: Jt
> > crypted foobar: Jt46rjnTMybIU
> > ###########################
> > This is run as root. If I run this as normal usr, it gives same output
> > for the relevant lines in pw_getpwconf section.
> >
> > Is there somewhere a good documentation for pw_getpwconf() function,
> > where I could read about what could go wrong?
>
> I don't think it's documented. There's a manpage for pw_getconf but not
> for pw_getpwconf. Basically, pw_getpwconf tries to determine what cipher
> should be used, depending on various account related informations.
>
> In case you're interested, these functions are implemented in following
> source file:
> src/lib/libutil/passwd.c
> ( http://opengrok.netbsd.org/source/xref/lib/libutil/passwd.c )
>
> > But maybe you know?
>
> Not really, NetBSD devs should look into it. This is almost certainly a
> bug.
>
> Please submit problem report using send-pr utility, or web interface:
> http://www.netbsd.org/cgi-bin/sendpr.cgi?gndb=netbsd
>
> Don't forget to attach results of our research.
>
> Regards
> Radek
--
Radek Kujawa
> But ok. If I look at the source of pw_getpwconf() I conclude, that the
> function has a problem if the "key" for pw_getconf() can not be found in
> the /etc/passwd.conf file. pw_getpwconf() will not return the config
> for "default" as the last resort.
>
and 4. Call to getgrgid was changed into getgrgid_r in 2005, and this
stuff went into NetBSD 4.
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libutil/passwd.c.diff?r1=1.41&r2=1.42&f=h
getgrgid_r is a reentrant version of getgrgid, which was used before.
> Yes, somehow this is a bug. But I can not imagine, that this should be a
> general bug. It is so obvious and easy to observe and should be known
> already, if it would be so general.
>
This bug may or may not be platform-depended, but on most platforms
/etc/passwd.conf is populated by sysinst, so this bug is not _that_ easy
to observe.
> If you run NetBSD/amiga, can you reproduce this on your machine with NetBSD
> 4.0.1 on 68060 CPU and an empty passwd.conf file
I have 3.0.1 installed on my A1200 with 68030, and can't reproduce this
behaviour (with empty root password and empty /etc/passwd.conf). Also
tried this on amd64 running 4.0 - no problem there.
Can anyone else running NetBSD 4 on Amiga comment on this problem?
Regards
Radek
BTW. I stumbled upon interesting fact. If you'll look at CVS log for
src/lib/libutil/passwd.c, you'll see that similar problem was fixed in
2005 (rev. 1.39).
Frank Wille
>> [...]
> This bug may or may not be platform-depended, but on most platforms
> /etc/passwd.conf is populated by sysinst, so this bug is not _that_ easy
> to observe.
Shouldn't passwd.conf be written when sysinst asks you if you want DES or
MD5 encryption for your passwords?
But I'm suprised, because I didn't see a pattern whether the default
settings in passwd.conf are commented out or not.
I checked some of my systems:
sparc 3.1.1: ok
i386 5.0RC2: commented out
i386 4.0.1: commented out
macppc 3.1.1: ok
i386 3.1.1: commented out
amiga 4.0: commented out
>> If you run NetBSD/amiga, can you reproduce this on your machine with
>> NetBSD 4.0.1 on 68060 CPU and an empty passwd.conf file
> I have 3.0.1 installed on my A1200 with 68030, and can't reproduce this
> behaviour (with empty root password and empty /etc/passwd.conf). Also
> tried this on amd64 running 4.0 - no problem there.
>
> Can anyone else running NetBSD 4 on Amiga comment on this problem?
I had NetBSD/amiga 4.0 running on my A3000/060, and there was no problem to
change the root password.
Today I updated to 4.0.1 (copying kernel, extracting base.tgz), rebooted and
tried to change the password with user root (passwd.conf was still inactive).
Now I get the error:
Couldn't generate salt
Unable to change auth token: error in service module
So I can confirm the problem!
--
_ Frank Wille (fr...@phoenix.owl.de)
_ // http://sun.hasenbraten.de/~frank/
\X/ Phx @ #AmigaGer