Fixing passwd(1) broken due to PAM

I encountered the following issue on Ubuntu. It can theoretically affect other unixy systems that use PAM (pluggable authentication modules).

Suppose you find your system in this unusual state:

1. passwd is broken: it reports success without even prompting you for a password;
2. You can log in as any user without entering a password on the console and through su and sudo. (I did not notice this at first, since I logged in remotely with an SSH key.)

Then your system probably has bad PAM configuration.

This is how your session may look:

user@system$ passwd
passwd: password updated successfully
user@system$

The most likely cause is that the Unix authentication module is disabled. In order to reenable it on Debian and Ubuntu, run the following command:

sudo dpkg-reconfigure pam-runtime

In the menu that appears enable “Unix authentication”.

On other operating systems look up how to enable PAM modules.

Source

• https://forums.debian.net/viewtopic.php?p=300244

See also

• NetBSD’s nice introductory article on PAM. It is not especially platform-specific.