Passwords don't work anywhere, SSH pubkey does. PAM problem?
Joshua Gardner
mellowcellofellow at gmail.com
Mon Jun 7 03:23:39 UTC 2010
Excerpts from Joshua Gardner's message of Sun Jun 06 20:44:33 -0600 2010:
> Excerpts from Joshua Gardner's message of Sun Jun 06 19:09:13 -0600 2010:
> > Excerpts from J's message of Sun Jun 06 16:59:38 -0600 2010:
> > > On Sun, Jun 6, 2010 at 16:58, NoOp <glgxg at sbcglobal.net> wrote:
> > > > On 06/06/2010 11:29 AM, Joshua Gardner wrote:
> > > >> Well, that didn't work. Any other ideas?
> > > >
> > > > Check:
> > > > $ cat /var/log/auth.log
> > > > to see if you can find any glaring hints there.
> > >
> > > And take a look at /etc/passwd too. IIRC, switching someone's shell
> > > to something other than one of he shells will give results like that,
> > > HOWEVER, that should also prevent you from being able to SSH in and
> > > get a shell as well, but it's still worth looking at.
> > >
> > > I'm wondering if your server wasn't compromised...
> > >
> >
> > Well, it's not the shell. Still definitely /bin/bash. That wouldn't
> > have screwed up Citadel, anyway.
> >
> > I've been wondering if it was compromised too, but how would I tell?
> > Should I just backup and reinstall?
> >
> > -Josh
>
> I had someone look at it over SSH and it appears that either a
> corruption or a compromise has damaged all of my PAM libraries; they
> don't pass a sha1sum test. I'm just going to reinstall.
>
> Thanks anyway.
>
> -Josh
Heh, phew. It wasn't that after all. Samba's databases got corrupted
and Samba's hooks into PAM got all screwed up. sha1sum test failures
was due to mismatched versions between my system and my
friend's. Removing the corrupted Samba databases fixed everything.
-Josh
--
A good scapegoat is hard to find.
A guilty conscience is the mother of invention.
-- Carolyn Wells
More information about the ubuntu-users
mailing list