Password reset not working and I have locked down my Centos 7.4
Password reset not working and I have locked down my Centos 7.4
I have centos 7.4.1708 on VMWARE.
In order to remove constraints for password length and disable dictionary checking I did some change in 2 OS files i.e. /etc/security/pwquality.conf and /etc/pam.d/system-auth. Eventually after these changes I could not login again into my user profile in Centos.
Rebooting my system in single-user mode according to this tutorial to reset password did not helped and it does not worked and I could not login again and I receive Login Incorrect message for every user and password combination. How should I fix this situation?
Here is contents of configuration files:
/etc/pam.d/system-auth:
/etc/security/pwquality.conf:
In order to remove constraints for password length and disable dictionary checking I did some change in 2 OS files i.e. /etc/security/pwquality.conf and /etc/pam.d/system-auth. Eventually after these changes I could not login again into my user profile in Centos.
Rebooting my system in single-user mode according to this tutorial to reset password did not helped and it does not worked and I could not login again and I receive Login Incorrect message for every user and password combination. How should I fix this situation?
Here is contents of configuration files:
/etc/pam.d/system-auth:
/etc/security/pwquality.conf:
Re: Password reset not working and I have locked down my Centos 7.4
What did you use to edit those files?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Password reset not working and I have locked down my Centos 7.4
I've used 'vi' to edit those files manually.
Re: Password reset not working and I have locked down my Centos 7.4
You're going to need to read your logs to find out what the problem is. By the sounds of it, you will need to boot from rescue media to do that if you cannot logon. The install DVD has a Rescue target that's listed off the "Troubelshhoting" menu that appears when it's booted.
I compared your files with mine and couldn't see any obvious differences that would make it fail but I'm no pam expert. I also wonder if you've managed to mangle the selinux contexts on the files while editing them. Running restorecon would fix them if so.
I compared your files with mine and couldn't see any obvious differences that would make it fail but I'm no pam expert. I also wonder if you've managed to mangle the selinux contexts on the files while editing them. Running restorecon would fix them if so.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Password reset not working and I have locked down my Centos 7.4
I did check the logs and disabling SELinux fixed this problem.
But I still don't know what was the reason for this:
But I still don't know what was the reason for this:
Code: Select all
Jul 6 13:40:02 DESIGN_Lab setroubleshoot: SELinux is preventing /usr/sbin/unix_chkpwd from read access on the file /etc/shadow. For complete SELinux messages run: sealert -l bf147829-eaed-455c-82f0-9b05b8ba68c2
Jul 6 13:40:02 DESIGN_Lab python: SELinux is preventing /usr/sbin/unix_chkpwd from read access on the file /etc/shadow.#
Re: Password reset not working and I have locked down my Centos 7.4
Post the output from ls -laZ /etc/shadow
Running restorecon -RFv /etc/shadow looks like it would fix that one (but ls -laZ it first or it'll be too late). There may be other files affected so this might not fix it immediately.
Running restorecon -RFv /etc/shadow looks like it would fix that one (but ls -laZ it first or it'll be too late). There may be other files affected so this might not fix it immediately.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 2019
- Joined: 2015/02/17 15:14:33
- Location: Bulgaria
- Contact:
Re: Password reset not working and I have locked down my Centos 7.4
If you can afford the time go for a full relabel:
Code: Select all
touch /.autorelabel