I'm having a perplexing problem around authentication on my home system.
It has been running 32 bit Debian for years, and up to date with Debian 7.
Nothing new had been installed or configured for months, only
aptitude update and aptitude safe-upgrade.
This morning, checking email, I found thunderbird could not login to dovecot.
Restarted dovecot and no difference.
SSH login failed from two different systems.
I checked that the firewall on Linux was off.
I checked last reports and there was no unusual access.
Tested with chkrootkit and nothing came up.
This system is normally protected by unusual ssh port
plus denyhosts against brute force login.
nsswitch.conf had compat for passwd, group and shadow,
and I switched it to "files", with no difference. Nothing
seemed odd under /etc/pam.d with the common-* files.
Console login as my user or as root failed.
dmesg didn't report anything unusual happened.
Tried a passwd refresh to a new password. That required
entering my existing password, and entering the existing
password worked. However it wouldn't allow ssh or console
login with the changed password. I changed it back
to the usual password, and again, it accepted the
old password when prompted.
Eventually I was locked out when the screen save came on
after leaving it alone for awhile. I rebooted, and the system still
has this wacky behaviour. In addition, the gdm screen
does not come up - displaying only an hourglass.
VT consoles do come up after reboot, but again,
console login as myself or root are failing,
and ssh login from remote as myself is failing.
I've never seen something like this fail before unless I had
been messing around with pam configuration files. I'm currently
unable to get into the system so I'll be getting a rescue CD
set up to use later today.
Anyone have suggestions on what could have happened?