Fixing passwd(1) broken due to PAM

I encountered the following issue on Ubuntu. It can theoretically affect other unixy systems that use PAM (pluggable authentication modules).

Suppose you find your system in this unusual state:

passwd is broken: it reports success without even prompting you for a password;
You can log in as any user without entering a password on the console and through su and sudo. (I did not notice this at first, since I logged in remotely with an SSH key.)

Then your system probably has bad PAM configuration.

This is how your session may look:

user@system$ passwd
passwd: password updated successfully
user@system$

The most likely cause is that the Unix authentication module is disabled. In order to reenable it on Debian and Ubuntu, run the following command:

sudo dpkg-reconfigure pam-runtime

In the menu that appears enable “Unix authentication”.

On other operating systems look up how to enable PAM modules.

NetBSD’s nice introductory article on PAM. It is not especially platform-specific.

Source