Re: Authentication breakdown


On Tue, 2015-04-07 at 10:02 -0300, francis picabia wrote:
> I'm having a perplexing problem around authentication on my home system.
> It has been running 32 bit Debian for years, and up to date with Debian 7.
> Nothing new had been installed or configured for months, only
> aptitude update and aptitude safe-upgrade.
> This morning, checking email, I found thunderbird could not login to dovecot.
> Restarted dovecot and no difference.
> SSH login failed from two different systems.
> I checked that the firewall on Linux was off.
> I checked last reports and there was no unusual access.
> Tested with chkrootkit and nothing came up.
> This system is normally protected by unusual ssh port
> plus denyhosts against brute force login.
> nsswitch.conf had compat for passwd, group and shadow,
> and I switched it to "files", with no difference.  Nothing
> seemed odd under /etc/pam.d with the common-* files.
> Console login as my user or as root failed.
> dmesg didn't report anything unusual happened.
> Tried a passwd refresh to a new password.  That required
> entering my existing password, and entering the existing
> password worked.  However it wouldn't allow ssh or console
> login with the changed password.  I changed it back
> to the usual password, and again, it accepted the
> old password when prompted.

If logins via both console and ssh failed (as both yourself and root),
how did you get in?

Once logged in, I would suggest that you study the log files before
trying to change things.  The log files are usually a much faster route
to the underlying cause...

Assuming you have a default(ish) syslog config, the first log file I'd
look at is /var/log/auth.log. Then /var/log/kern.log and the remaining
log files.

> Eventually I was locked out when the screen saver came on
> after leaving it alone for awhile.  I rebooted, and the system still
> has this wacky behaviour. 

Ah - a graphical login!

I'd recommend staying with the console (text-only) login whilst
diagnosing this. It's simpler software, and should thus be simpler to
debug.  And it is plausible that your gdm greeter is suffering from the
same underlying cause...

> In addition, the gdm screen
> does not come up - displaying only an hourglass.
> VT consoles do come up after reboot, but again,
> console login as myself or root is failing,
> and ssh login from remote as myself is failing.
> I've never seen something like this fail before unless I had
> been messing around with pam configuration files.  I'm currently
> unable to get into the system so I'll be getting a rescue CD
> set up to use later today.

Well - it is theoretically possible that a disk corruption has done
something to your pam configuration.   Hopefully the log files will
contain clues so you don't have to rely on such wild unsubstantiated

Hope this helps
Karl E. Jorgensen <karl@jorgensen.org.uk>
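
Added example, not part of the message above or of the original thread: a shell helper that tallies pam_* entries in an auth.log-style file by service and outcome, to show whether failures span sshd, login and dovecot at once. The sample log lines, the host name "home" and the function names are constructed for illustration.

```shell
#!/bin/sh
# Tally PAM messages in an auth.log-style file by module(service:type) and outcome.
pam_summary() {   # $1: log file, e.g. /var/log/auth.log (or its path under a rescue mount)
    awk '
    # Lines of interest look like: "... pam_unix(sshd:auth): authentication failure; ..."
    match($0, /pam_[a-z0-9_]+\([^:()]+:[a-z_]+\): /) {
        tag = substr($0, RSTART, RLENGTH - 2)    # e.g. pam_unix(sshd:auth)
        msg = substr($0, RSTART + RLENGTH)       # text after the tag
        outcome = "other"
        if (msg ~ /^authentication failure/) outcome = "auth-failure"
        else if (msg ~ /^session opened/)    outcome = "session-opened"
        else if (msg ~ /^password changed/)  outcome = "password-changed"
        count[tag " " outcome]++
    }
    END { for (k in count) print count[k], k }
    ' "$1" | sort -k2
}

# Distinct services that logged at least one authentication failure.
failing_services() {
    pam_summary "$1" | awk '$3 == "auth-failure" {
        sub(/^[^(]*\(/, "", $2); sub(/:.*/, "", $2); print $2
    }' | sort -u | paste -s -d ' ' -
}

# Constructed sample mirroring the symptoms in the thread (not real log data).
write_sample_log() {
    cat > "$1" <<'EOF'
Apr  7 07:01:12 home sshd[2101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=francis
Apr  7 07:03:40 home login[2230]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost=  user=root
Apr  7 07:04:02 home login[2231]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty2 ruser= rhost=  user=francis
Apr  7 07:05:19 home auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=francis rhost=127.0.0.1  user=francis
Apr  7 07:10:55 home passwd[2305]: pam_unix(passwd:chauthtok): password changed for francis
EOF
}

# Demo on the constructed sample; pass the real log path to pam_summary instead.
sample=$(mktemp) && write_sample_log "$sample"
pam_summary "$sample"
echo "services with auth failures: $(failing_services "$sample")"
rm -f "$sample"
```

On the sample, every login-type service shows auth-failure while passwd:chauthtok succeeds, which is the pattern reported in the thread.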
