
Re: Authentication breakdown



Hi

On Tue, 2015-04-07 at 10:02 -0300, francis picabia wrote:
> I'm having a perplexing problem around authentication on my home system.
> 
> It has been running 32 bit Debian for years, and up to date with Debian 7.
> 
> Nothing new had been installed or configured for months, only
> aptitude update and aptitude safe-upgrade.
> 
> This morning, checking email, I found thunderbird could not login to dovecot.
> Restarted dovecot and no difference.
> 
> SSH login failed from two different systems.
> 
> I checked that the firewall on Linux was off.
> I checked last reports and there was no unusual access.
> Tested with chkrootkit and nothing came up.
> This system is normally protected by unusual ssh port
> plus denyhosts against brute force login.
> 
> nsswitch.conf had compat for passwd, group and shadow,
> and I switched it to "files", with no difference.  Nothing
> seemed odd under /etc/pam.d with the common-* files.
> 
> Console login as my user or as root failed.
> 
> dmesg didn't report anything unusual happened.
> 
> Tried a passwd refresh to a new password.  That required
> entering my existing password, and entering the existing
> password worked.  However it wouldn't allow ssh or console
> login with the changed password.  I changed it back
> to the usual password, and again, it accepted the
> old password when prompted.

If logins via both console and ssh failed (as both yourself and root),
how did you get in?

Once logged in, I would suggest that you study the log files before
trying to change things.  The log files are usually a much faster route
to the underlying cause...

Assuming you have a default(ish) syslog config, the first log file I'd
look at is /var/log/auth.log. Then /var/log/kern.log and the remaining
log files.

> Eventually I was locked out when the screen saver came on
> after leaving it alone for a while.  I rebooted, and the system still
> has this wacky behaviour.

Ah - a graphical login!

I'd recommend staying with the console (text-only) login whilst
diagnosing this. It's simpler software, and should thus be simpler to
debug.  And it is plausible that your gdm greeter is suffering from the
same underlying cause...


> 
> In addition, the gdm screen
> does not come up - displaying only an hourglass.
> VT consoles do come up after reboot, but again,
> console logins as myself or root are failing,
> and ssh login from remote as myself is failing.
> 
> I've never seen something like this fail before unless I had
> been messing around with pam configuration files.  I'm currently
> unable to get into the system so I'll be getting a rescue CD
> set up to use later today.

Well - it is theoretically possible that a disk corruption has done
something to your pam configuration.   Hopefully the log files will
contain clues so you don't have to rely on such wild unsubstantiated
guesses...

Hope this helps
-- 
Karl E. Jorgensen <karl@jorgensen.org.uk>
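
An added example, not part of the original message: a small triage of /var/log/auth.log along the lines suggested in the reply above, grouping PAM authentication failures by service and flagging PAM module load errors. The log lines are constructed samples in the default Debian syslog format, and the names `triage` and `pam_example.so` are hypothetical.

```python
import re
import sys
from collections import Counter

# Constructed sample lines (not taken from the thread), default Debian syslog format.
SAMPLE = """\
Apr  7 08:01:12 home sshd[1234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=alice
Apr  7 08:01:14 home sshd[1234]: Failed password for alice from 192.0.2.10 port 51234 ssh2
Apr  7 08:02:03 home login[2345]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost=  user=root
Apr  7 08:02:06 home login[2345]: FAILED LOGIN (1) on '/dev/tty1' FOR 'root', Authentication failure
Apr  7 08:03:40 home auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=alice rhost=127.0.0.1  user=alice
Apr  7 08:05:00 home sshd[1300]: PAM unable to dlopen(pam_example.so): /lib/security/pam_example.so: cannot open shared object file: No such file or directory
Apr  7 08:05:00 home sshd[1300]: PAM adding faulty module: pam_example.so
Apr  7 08:06:00 home CRON[1400]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# timestamp, host, program (optional [pid]), message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([^\s\[:]+)(?:\[\d+\])?: (.*)$")
# pam module, PAM service name, and target user (absent when the account is unknown)
PAM_FAIL = re.compile(r"^(pam_\w+)\((\S+?):auth\): authentication failure;(?:.*\buser=(\S+))?")
# messages libpam emits when a module named in /etc/pam.d cannot be loaded
PAM_BROKEN = re.compile(r"^PAM (unable to dlopen|adding faulty module)")

def triage(text):
    """Return (failures, broken): Counter keyed by (PAM service, user), list of (program, message)."""
    failures, broken = Counter(), []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the expected syslog layout
        prog, msg = m.group(3), m.group(4)
        f = PAM_FAIL.match(msg)
        if f:
            failures[(f.group(2), f.group(3) or "?")] += 1
        elif PAM_BROKEN.match(msg):
            broken.append((prog, msg))
    return failures, broken

if __name__ == "__main__":
    # Pass a path (e.g. the auth.log under a rescue CD mount point) or run on the sample.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    failures, broken = triage(text)
    for (service, user), n in sorted(failures.items()):
        print(f"{n:4d}  auth failure  service={service} user={user}")
    for prog, msg in broken:
        print(f"      PAM stack error in {prog}: {msg}")
```

Failures logged for sshd, login and dovecot at the same time point at something those services share, such as the PAM stack or the shadow file, rather than at one daemon.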

