Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
How to disable pam checking for a root password
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Other Things Gentoo
View previous topic :: View next topic  
Author Message
elvis_
n00b
n00b


Joined: 15 Feb 2004
Posts: 27
Location: dogonfire.com

PostPosted: Thu Jun 13, 2024 11:25 am    Post subject: How to disable pam checking for a root password Reply with quote

Hi

Recently I was running an emerge and managed to break libcrypt in the glibc upgrade


It seems pretty fixable, but I can't get into the system to fix it.


I can run a normal boot, but root won't login as pam is broken, even with no password

or I can edit the grub command line with init=/bin/bash and that gets me into a basic shell, but it is missing enough pieces to make emerging hard. I removed the root password from this login. I can also remove the pam checks if I knew how.


Or if anyone has any other solutions to bypass the broken login system. I've tried to get into single user mode with networking but can't make it work. Using openRC

cheers
_________________
User 33374
Back to top
View user's profile Send private message
Hu
Administrator
Administrator


Joined: 06 Mar 2007
Posts: 22649

PostPosted: Thu Jun 13, 2024 11:41 am    Post subject: Reply with quote

If you cleared root's password in /etc/shadow, that may already be enough for PAM to let you in. If it is not, please show us the error message, and any relevant PAM configuration files from /etc/pam.d.

You could also choose to modify inittab such that it starts a logged-in root shell automatically on one terminal, bypassing use of login. This means anyone who can access the machine's console can get root without a password, which is insecure if the machine is not physically secured. For temporary use, it is probably fine.

How did you end up with no root shell when the upgrade failed?
Back to top
View user's profile Send private message
elvis_
n00b
n00b


Joined: 15 Feb 2004
Posts: 27
Location: dogonfire.com

PostPosted: Thu Jun 13, 2024 1:08 pm    Post subject: Reply with quote

I got there from reading the documentation :D Something about "After upgrading glic, please reboot your system"

Usually I stay logged in over ssh and only reboot when upgrading kernels, but I got careless.


I have cleared root's password, there is no error, just no success and the login prompt resets.


The modification of inittab sounds perfect, I just tried it on tty2 but got "module unknown" error. Looks like the autologin is going through PAM
_________________
User 33374
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 20485

PostPosted: Thu Jun 13, 2024 5:03 pm    Post subject: Reply with quote

elvis_ wrote:
I have cleared root's password, there is no error, just no success and the login prompt resets.
Does that happen with ssh, or from the physical machine? ssh may be configured to deny empty passwords.

What is in /etc/pam.d/system-auth? If there are no 'nullok' options, that may also be contributing to the issue. But I haven't yet been forced to truly understand how PAM config files work.

This may be a solution. Making backups of /etc/pam.d or at least the files you change would probably be a good idea.

EDIT: If you do get something to work, be sure to verify whether or not unprivileged users can gain root access without any barrier. If they can and the machine connects to the internet, you may wan to reconsider, especially if you use a web browser.
_________________
Quis separabit? Quo animo?
Back to top
View user's profile Send private message
elvis_
n00b
n00b


Joined: 15 Feb 2004
Posts: 27
Location: dogonfire.com

PostPosted: Sun Jun 16, 2024 1:12 pm    Post subject: Reply with quote

pjp wrote:
elvis_ wrote:
I have cleared root's password, there is no error, just no success and the login prompt resets.
Does that happen with ssh, or from the physical machine? ssh may be configured to deny empty passwords.

it didn't work for any user, ssh was fine, it seems libcrypt is so baked in it just crashes without getting to checks that don't need it


What is in /etc/pam.d/system-auth? If there are no 'nullok' options, that may also be contributing to the issue. But I haven't yet been forced to truly understand how PAM config files work.

Pam is the same, I got to know more about it than I ever wanted to last night. Configured passwordless logins in agetty/inittab as well as pam in permissive mode. Just more crashing

This may be a solution. Making backups of /etc/pam.d or at least the files you change would probably be a good idea.

EDIT: If you do get something to work, be sure to verify whether or not unprivileged users can gain root access without any barrier. If they can and the machine connects to the internet, you may wan to reconsider, especially if you use a web browser.


Yes, I'm putting it back together now.

So finally I decided to re-emerge the packages from the install CD. Did the chroot etc, surprising how easily it came back, muscle memory in the brain I guess

tried to emerge lbxcrypt, stopped because it needed perl. Tried to run perl, it crashed on missed libcrypt

finally worked out to copy the missing /usr/lib64/libcrypt.so files from the livecd (usb) to the chroot. Note libxcrypt is libxcrypt.so.2
made the missing .so symlinks and emerged libxcrypt

aborted as it was sharing files with the old glibc -- turned FEATURES= "-collision-detect" on and it installed fine

now emerging enough packages hopefully to fix all the broken libcrypt linkages before an emerge everything
_________________
User 33374
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Other Things Gentoo All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum