Re: CRON: Authentication token is no longer valid; new one required
The '!' means root login is disabled, not that the root account is disabled. su - with a blank root password lets anyone switch user to root without slowing down to crack the password. That is not a safe goal.
> On Feb 6, 2015, at 3:41 AM, ML mail <mlnospam@yahoo.com> wrote:
>
> The result of running passwd --status tells me that the password needs to be changed as actually I had in my /etc/shadow file only a "!" as password in order to safely disable the root account. It looks like this is not compatible with the cron.d system. I have changed the password and then locked the account (passwd -l) and now it works. The thing is that I wanted to remove the password from the /etc/shadow file as with the lock option the password is still there but with a "!" before it.
>
> On Thursday, February 5, 2015 10:18 PM, Bob Proulx <bob@proulx.com> wrote:
>> ML mail wrote:
>>> I am trying to run cron from /etc/cron.d with the root account which
>>> has password disabled in order not to be able to login as root but
>>> when the cron entry wants to run it simply does not and shows the
>>> following error message in the log file:
>>>
>>> CRON[16785]: Authentication token is no longer valid; new one required
>>
>> This reads to me that the password for root has expired. It is the
>> state of an expired password that is a problem.
>>
>> When you say that the root password has been disabled what exactly do
>> you mean by that statement? Did you 'passwd -e root'? If so that is
>> the source of the problem. Root should not have an expired password.
>>
>> What does this say? Example from a system of mine.
>>
>> $ passwd --status root
>> root P 05/01/2010 0 99999 7 -1
>>
>>> Any idea how to run a cronjob from /etc/cron.d with the root account
>>> disabled?
>>
>> I didn't have time to test this procedure but I would use 'passwd
>> root' to change the password and to fix the expiration. (Actually *I*
>> would simply edit the /etc/shadow file and fix it but for others I
>> recommend using the tool to avoid a file editing mistake in that very
>> critical file.) After updating the password I think the expiration
>> problem will have been fixed. You don't actually ever have to use
>> that password.
>>
>> Bob
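The thread mixes two separate parts of root's /etc/shadow entry: the password field ("!", a locked hash, or blank) and the aging fields that passwd --status summarizes. The script below is an added example, not code from any poster; it classifies constructed entries using the field meanings in shadow(5), and the function name shadow_state and its state labels are made up for this illustration.

```shell
#!/bin/sh
# Added example: read one shadow(5) entry on two independent axes.
# Simplified reading of the documented fields, not PAM's actual code.

# shadow_state LINE [TODAY] -> prints "pw=<state> aging=<state>"
# TODAY is in days since 1970-01-01 and defaults to the current day.
shadow_state() {
    line=$1
    today=${2:-$(( $(date +%s) / 86400 ))}

    # name:password:lastchg:min:max:warn:inactive:expire:reserved
    IFS=: read -r _name pw lastchg _min max _warn _inact expire _rest <<EOF
$line
EOF

    case $pw in
        '')           pw_state=empty ;;        # blank: no password asked for
        '!'|'!!'|'*') pw_state=no-hash ;;      # nothing that can ever match
        '!'*)         pw_state=locked-hash ;;  # passwd -l keeps hash after "!"
        *)            pw_state=hash ;;
    esac

    if [ -n "$expire" ] && [ "$expire" -ge 0 ] && [ "$today" -ge "$expire" ]; then
        aging=account-expired
    elif [ "$lastchg" = 0 ]; then
        aging=change-required                  # state left by 'passwd -e'
    elif [ -n "$lastchg" ] && [ -n "$max" ] && [ "$max" -ge 0 ] &&
         [ $(( today - lastchg )) -gt "$max" ]; then
        aging=password-expired
    else
        aging=ok
    fi
    echo "pw=$pw_state aging=$aging"
}

# Constructed sample entries (hash text is a placeholder, not a real hash).
TODAY=16472
while IFS= read -r entry; do
    printf '%-45s %s\n' "$entry" "$(shadow_state "$entry" "$TODAY")"
done <<'EOF'
root:!:0:0:99999:7:::
root:!$6$PLACEHOLDER:16472:0:99999:7:::
root::16472:0:99999:7:::
root:$6$PLACEHOLDER:16000:0:90:7:::
EOF
```

An entry can be fine on one axis and not the other: a password field holding only "!" alongside a last-change field of 0 is classified as no-hash and change-required at the same time.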