Fixing passwd(1) broken due to PAM
I encountered the following issue on Ubuntu. It can theoretically affect other unixy systems that use PAM (pluggable authentication modules).
Suppose you find your system in this unusual state:
passedis broken: it reports success without even prompting you for a password;
- You can log in as any user without entering a password on the console and through
sudo(I did not notice this at first, since I logged in remotely with an SSH key);
Then your system probably has bad PAM configuration.
This is how your session may look:
user@system$ passwd passwd: password updated successfully user@system$
The most likely cause is that the Unix authentication module is disabled. In order to reenable it on Debian and Ubuntu, run the following command:
sudo dpkg-reconfigure pam-runtime
In the menu that appears enable “Unix authentication”.
On other operating systems look up how to enable PAM modules.
- NetBSD’s nice introductory article on PAM. It is not especially platform-specific.
Tags: how-to, Linux, *nix, security, sysadmin, troubleshooting.