Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 655
  • Last Modified:

password change in solaris 8 ... request current password twice

Hi Friends,

One more issue with solaris 8 i found in my system, whenever i  am going to change the password for any user in my solaris box it's ask twice for the existing password, but when i am login as root and changing the same user password.. it work and it didn't prompt for existing password twice.
attached is the pam.conf file configuration.

can you please help.,



login   auth    sufficient      /usr/lib/security/pam_krb5.so.1
login   auth    required        /usr/lib/security/pam_unix.so.1 use_first_pass
login   auth    required        /usr/lib/security/pam_dial_auth.so.1
rlogin  auth    sufficient      /usr/lib/security/pam_krb5.so.1
rlogin  auth    required        /usr/lib/security/pam_unix.so.1 use_first_pass
dtlogin auth    sufficient      /usr/lib/security/pam_krb5.so.1
dtlogin auth    required        /usr/lib/security/pam_unix.so.1 use_first_pass
other   auth    sufficient      /usr/lib/security/pam_krb5.so.1
other   auth    required        /usr/lib/security/pam_unix.so.1 use_first_pass
login   account sufficient      /usr/lib/security/pam_krb5.so.1
login   account sufficient      /opt/DBpam/lib/pam_nis.so.1
login   account required        /usr/lib/security/pam_unix.so.1
dtlogin account sufficient      /usr/lib/security/pam_krb5.so.1
dtlogin account sufficient      /opt/DBpam/lib/pam_nis.so.1
dtlogin account required        /usr/lib/security/pam_unix.so.1
other   account required        /usr/lib/security/pam_krb5.so.1
other   account required        /opt/DBpam/lib/pam_nis.so.1
other   account required        /usr/lib/security/pam_unix.so.1
other   password        required       /usr/lib/security/pam_unix.so.1

other   session required        /usr/lib/security/pam_default.so.1 root_ssh
login   session required        /usr/lib/security/pam_default.so.1
login   session required        /usr/lib/security/pam_unix.so.1
rlogin  auth sufficient         pam_rhosts_auth.so.1
rsh     auth sufficient         pam_rhosts_auth.so.1
rsh     auth required           pam_unix_auth.so.1
cron    account sufficient              pam_permit_cron.so.1
cron    account sufficient              pam_permit_cron.so.1
other   session required                pam_unix_session.so.1
dtsession       auth requisite          pam_authtok_get.so.1
dtsession       auth required           pam_dhkeys.so.1
dtsession       auth required           pam_unix_auth.so.1
ppp     auth requisite          pam_authtok_get.so.1
ppp     auth required           pam_dhkeys.so.1
ppp     auth required           pam_unix_auth.so.1
ppp     auth    required                pam_dial_auth.so.1
ppp     account requisite               pam_roles.so.1
ppp     account requisite       /opt/DBpam/lib/pam_nis.so.1
ppp     account required                pam_projects.so.1
ppp     account required                pam_unix_account.so.1
ppp     session required                pam_unix_session.so.1
passwd  auth required           pam_passwd_auth.so.1
cron    account required                pam_unix_account.so.1

Open in new window

0
rameshsukhi123
Asked:
rameshsukhi123
  • 2
  • 2
  • 2
  • +1
1 Solution
 
arnoldCommented:
passwd only prompts for the current password only when the user is making the change.
How are you changing the password?  are you running sudo passwd? are you doind sudo su -u username whose password you want to change?

sudo passwd username should only prompt for your password (to pass sudo) and then prompt you for the new password for username.

Is your system a member of a directory, NIS, NIS+, LDAP?
Not sure why you posted the Auth configuration file.
0
 
Kerem ERSOYPresidentCommented:
Hi,

This is the usual behavior of the program called passwd which modifies user passwords. If it is not executed as UID=0 (root) it asks the old password first this has nothing to do with PAM. So the PAM file you've sent is completely irrelevant of the topic.

Cheers,
K.
0
 
rameshsukhi123Author Commented:
Thanks for the answer ....
I am doing password change as follows-

login as user1

and
passwd -r files user1
enter existing password:
Enter Existing password:
New password:
New password:

The question is when it's asking twice for the existing password, it should only ask once ... isn't it.
That we want to eliminate.

yes there is no NIS and LDAP.

0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
arnoldCommented:
If you have access to root, why do you login as the user?
could you double check the line for passwd in /etc/nsswitch.conf?
Does it only have files or does it have another option?
Why are you using the -r files option if your system does not have a directory service?

try without the -r files and see if you have the single prompt if you do not have NIS+ setup.
0
 
rameshsukhi123Author Commented:
The requirement is to add server under password vault and for that it's mandatory that user itself should able to change password.

It should only prompt existing password only once which default behaviour on all OS.

in the /etc/nssswitch.conf file only files are mentioned for password, group.

even without -r it's prompt for rexisting password twice.

can anybody please have a look on the pam.conf file, because I know it will be resolved by modifying the pam.conf.

0
 
balasundaram_sCommented:
You may have to delete one of the line in pam.conf file, not sure which one.  Please refer another solaris server. (This is my guess)

other   password        required       /usr/lib/security/pam_unix.so.1
.....
passwd  auth required           pam_passwd_auth.so.1
......

0
 
balasundaram_sCommented:
One of the line mentioned below:


other   password        required       /usr/lib/security/pam_unix.so.1
.....
passwd  auth required           pam_passwd_auth.so.1
......
0
 
Kerem ERSOYPresidentCommented:
I think this line is extra:

other   password        required       /usr/lib/security/pam_unix.so.1

in fact password auth with passwd command is already here:

#
# passwd command (explicit because of a different authentication module)
#
passwd  auth required           pam_passwd_auth.so.1


The comment talks for itself.

Cheers,
K.


0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now