We’re upgrading our linux boxes from sles 10.3 to 11.3. (SLES 10.3 to 10.4 to 11.3). After upgrade, users were not able to reset the password by themselves. They’re getting error while using passwd command & the error is pasted below. It should ask for old passwd normally, but not happened. But ROOT user could able to reset the password for the users.
user11@sles11:~> passwd user11
Changing password for user11.
passwd: Authentication information cannot be recovered
We’re upgrading our linux boxes from sles 10.3 to 11.3. (SLES 10.3 to 10.4 to 11.3). After upgrade, users were not able to reset the password by themselves. They’re getting error while using passwd command & the error is pasted below. It should ask for old passwd normally, but not happened. But ROOT user could able to reset the password for the users.
user11@sles11:~> passwd user11
Changing password for user11.
passwd: Authentication information cannot be recovered
Please help us to resolve this issue.[/QUOTE]
what passwd back-end are you using? “root” is always handled locally, while the other accounts might i.e. use LDAP.
To further assist, it’d be helpful to see the content of /etc/pam.d/common-password, too.
Thanks for the response. I just did a work around along with Dell Harris (novell) for the issue & it got resolved.
Issue : After upgrading the system to SLES 11.3, users are not able to change their passwords & root is able to change the passwords
Error : passwd: Authentication information cannot be recovered
Cause : incorrect entry or misconfig in pam.d module
Solution: Explored the pam.d folder & checked all the common-* files. Our environment has AD accounts syched via samba/winbind, hence winbind modules are added on pam.d etc. I checked the password file in pam.d folder & found some issues.
The issue that we were having was with the way the pam modules were stacked in the /etc/pam.d/passwd file, as well as the options that were in each. We moved the pam_cracklib as the 1st password module so it would prompt for the password token. Then we stacked the pam_pwcheck to remember 26 passwords back. Finally we stacked the pam_unix2. We set pam_pwcheck and pam_unix2 to use_authtok so it would use the password obtained by pam_cracklib.