#2289 Error during password change
Closed: Fixed None Opened 10 years ago by mkosek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1078840

Description of problem:
Error message is seen during password change. Although the change is
successful.

Version-Release number of selected component (if applicable):
1.11.2-60.el7

How reproducible:
Always

Steps to Reproduce:
1. # ssh -l aduser1@sssdad.com localhost
aduser1@sssdad.com@localhost's password:
Password expired. Change your password now.
Last login: Thu Mar 20 17:10:18 2014 from localhost
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user aduser1@sssdad.com.
Current Password:
New password:
Retype new password:
passwd: Authentication token manipulation error
Connection to localhost closed.

2. Now, try to login with the changed password.
# ssh -l aduser1@sssdad.com localhost
aduser1@sssdad.com@localhost's password:
Last login: Thu Mar 20 17:10:55 2014 from localhost

3. /varlog/secure shows:
Mar 20 17:10:54 dhcp207-186 sshd[11363]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost
user=aduser1@sssdad.com
Mar 20 17:10:54 dhcp207-186 sshd[11363]: pam_sss(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost
user=aduser1@sssdad.com
Mar 20 17:10:54 dhcp207-186 sshd[11363]: pam_sss(sshd:auth): received for user
aduser1@sssdad.com: 12 (Authentication token is no longer valid; new one
required)
Mar 20 17:10:54 dhcp207-186 sshd[11363]: pam_sss(sshd:account): User info
message: Password expired. Change your password now.
Mar 20 17:10:54 dhcp207-186 sshd[11363]: Accepted password for
aduser1@sssdad.com from ::1 port 47301 ssh2
Mar 20 17:10:55 dhcp207-186 sshd[11363]: pam_unix(sshd:session): session opened
for user aduser1@sssdad.com by (uid=0)
Mar 20 17:10:55 dhcp207-186 passwd: pam_unix(passwd:chauthtok): user
"aduser1@sssdad.com" does not exist in /etc/passwd
Mar 20 17:11:08 dhcp207-186 passwd: pam_unix(passwd:chauthtok): user
"aduser1@sssdad.com" does not exist in /etc/passwd
Mar 20 17:11:08 dhcp207-186 passwd: pam_sss(passwd:chauthtok): Password change
failed for user aduser1@sssdad.com: 4 (System error)
Mar 20 17:11:08 dhcp207-186 passwd: gkr-pam: couldn't update the login keyring
password: no old password was entered
Mar 20 17:11:11 dhcp207-186 sshd[11366]: Received disconnect from ::1: 11:
disconnected by user
Mar 20 17:11:11 dhcp207-186 sshd[11363]: pam_unix(sshd:session): session closed
for user aduser1@sssdad.com


Actual results:
Error message is seen during password change. Although the change is
successful.

Expected results:
No error during password change.

Additional info:

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
owner: somebody => sbose
patch: 0 => 1
review: True => 0
selected: =>
status: new => assigned
testsupdated: => 0

This ticket turned out to be a regression in 1.11. Moving to sssd 1.11.5 as per downstream request.

milestone: NEEDS_TRIAGE => SSSD 1.11.5
priority: major => blocker

resolution: => fixed
status: assigned => closed

Metadata Update from @mkosek:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.11.5

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3331

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata