Re: CRON: Authentication token is no longer valid; new one required

To: debian-user@lists.debian.org
Cc: "debian-user@lists.debian.org" <debian-user@lists.debian.org>
Subject: Re: CRON: Authentication token is no longer valid; new one required
From: wolf.halton@gmail.com
Date: Fri, 6 Feb 2015 05:07:58 -0500
Message-id: <[🔎] 18C531B7-3530-46B3-8288-2EE5E61E7960@gmail.com>
In-reply-to: <[🔎] 1326385422.691043.1423212080587.JavaMail.yahoo@mail.yahoo.com>
References: <[🔎] 20150205140805350342716.NoCcsPlease@bob.proulx.com> <[🔎] 1326385422.691043.1423212080587.JavaMail.yahoo@mail.yahoo.com>

The '!' Means root login is disabled, not that the root account is disabled. su - 
With a blank root password lets anyone switch user to root without slowing down to crack the password. That is not a safe goal. 

Sent from my iPhone

> On Feb 6, 2015, at 3:41 AM, ML mail <mlnospam@yahoo.com> wrote:
> 
> The result of running passwd --status tells me that the password needs to be changed as actually I had in my /etc/shadow file only a "!" as password in order to safely disable the root account. It looks like this is not compatible with the cron.d system. I have changed the password and then locked the account (passwd -l) and now it works. The thing is that I wanted to remove the password from the /etc/shadow file as with the lock option the password is still there but with a "!" before it.
> 
> 
> 
> 
>> On Thursday, February 5, 2015 10:18 PM, Bob Proulx <bob@proulx.com> wrote:
>> ML mail wrote:
>> I am trying to run cron from /etc/cron.d with the root account which
>> has password disabled in order not to be able to login as root but
>> when the cron entry wants to run it simply does not and show the
>> following error message in the log file:
>> 
>> CRON[16785]: Authentication token is no longer valid; new one required
> 
> This reads to me that the password for root has expired.  It is the
> state of an expired password that is a problem.
> 
> When you say that the root password has been disabled what exactly do
> you mean by that statement?  Did you 'passwd -e root'?  If so that is
> the source of the problem.  Root should not have an expired password.
> 
> What does this say?  Example from a system of mine.
> 
>  $ passwd --status root
>  root P 05/01/2010 0 99999 7 -1
> 
> 
>> Any idea how to run a cronjob from /etc/cron.d with the root account
>> disabled?
> 
> I didn't have time to test this procedure but I would use 'passwd
> root' to change the password and to fix the expiration.  (Actually *I*
> would simply edit the /etc/shadow file and fix it but for others I
> recommend using the tool to avoid a file editing mistake in that very
> critical file.)  After updating the password I think the expiration
> problem will have been fixed.  You don't actually ever have to use
> that password.
> 
> Bob 
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: [🔎] 1326385422.691043.1423212080587.JavaMail.yahoo@mail.yahoo.com">https://lists.debian.org/[🔎] 1326385422.691043.1423212080587.JavaMail.yahoo@mail.yahoo.com
>

Reply to:

Follow-Ups:
- Re: CRON: Authentication token is no longer valid; new one required
  - From: Reco <recoverym4n@gmail.com>

References:
- Re: CRON: Authentication token is no longer valid; new one required
  - From: Bob Proulx <bob@proulx.com>
- Re: CRON: Authentication token is no longer valid; new one required
  - From: ML mail <mlnospam@yahoo.com>

Prev by Date: Re: missing segfault messages
Next by Date: Re: CRON: Authentication token is no longer valid; new one required
Previous by thread: Re: CRON: Authentication token is no longer valid; new one required
Next by thread: Re: CRON: Authentication token is no longer valid; new one required
Index(es):
- Date
- Thread