View previous topic :: View next topic |
Author |
Message |
elvis_ n00b
Joined: 15 Feb 2004 Posts: 27 Location: dogonfire.com
|
Posted: Thu Jun 13, 2024 11:25 am Post subject: How to disable pam checking for a root password |
|
|
Hi
Recently I was running an emerge and managed to break libcrypt in the glibc upgrade
It seems pretty fixable, but I can't get into the system to fix it.
I can run a normal boot, but root won't login as pam is broken, even with no password
or I can edit the grub command line with init=/bin/bash and that gets me into a basic shell, but it is missing enough pieces to make emerging hard. I removed the root password from this login. I can also remove the pam checks if I knew how.
Or if anyone has any other solutions to bypass the broken login system. I've tried to get into single user mode with networking but can't make it work. Using openRC
cheers _________________ User 33374 |
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 22626
|
Posted: Thu Jun 13, 2024 11:41 am Post subject: |
|
|
If you cleared root's password in /etc/shadow, that may already be enough for PAM to let you in. If it is not, please show us the error message, and any relevant PAM configuration files from /etc/pam.d.
You could also choose to modify inittab such that it starts a logged-in root shell automatically on one terminal, bypassing use of login. This means anyone who can access the machine's console can get root without a password, which is insecure if the machine is not physically secured. For temporary use, it is probably fine.
How did you end up with no root shell when the upgrade failed? |
|
Back to top |
|
|
elvis_ n00b
Joined: 15 Feb 2004 Posts: 27 Location: dogonfire.com
|
Posted: Thu Jun 13, 2024 1:08 pm Post subject: |
|
|
I got there from reading the documentation Something about "After upgrading glic, please reboot your system"
Usually I stay logged in over ssh and only reboot when upgrading kernels, but I got careless.
I have cleared root's password, there is no error, just no success and the login prompt resets.
The modification of inittab sounds perfect, I just tried it on tty2 but got "module unknown" error. Looks like the autologin is going through PAM _________________ User 33374 |
|
Back to top |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20484
|
Posted: Thu Jun 13, 2024 5:03 pm Post subject: |
|
|
elvis_ wrote: | I have cleared root's password, there is no error, just no success and the login prompt resets. | Does that happen with ssh, or from the physical machine? ssh may be configured to deny empty passwords.
What is in /etc/pam.d/system-auth? If there are no 'nullok' options, that may also be contributing to the issue. But I haven't yet been forced to truly understand how PAM config files work.
This may be a solution. Making backups of /etc/pam.d or at least the files you change would probably be a good idea.
EDIT: If you do get something to work, be sure to verify whether or not unprivileged users can gain root access without any barrier. If they can and the machine connects to the internet, you may wan to reconsider, especially if you use a web browser. _________________ Quis separabit? Quo animo? |
|
Back to top |
|
|
elvis_ n00b
Joined: 15 Feb 2004 Posts: 27 Location: dogonfire.com
|
Posted: Sun Jun 16, 2024 1:12 pm Post subject: |
|
|
pjp wrote: | elvis_ wrote: | I have cleared root's password, there is no error, just no success and the login prompt resets. | Does that happen with ssh, or from the physical machine? ssh may be configured to deny empty passwords.
it didn't work for any user, ssh was fine, it seems libcrypt is so baked in it just crashes without getting to checks that don't need it
What is in /etc/pam.d/system-auth? If there are no 'nullok' options, that may also be contributing to the issue. But I haven't yet been forced to truly understand how PAM config files work.
Pam is the same, I got to know more about it than I ever wanted to last night. Configured passwordless logins in agetty/inittab as well as pam in permissive mode. Just more crashing
This may be a solution. Making backups of /etc/pam.d or at least the files you change would probably be a good idea.
EDIT: If you do get something to work, be sure to verify whether or not unprivileged users can gain root access without any barrier. If they can and the machine connects to the internet, you may wan to reconsider, especially if you use a web browser. |
Yes, I'm putting it back together now.
So finally I decided to re-emerge the packages from the install CD. Did the chroot etc, surprising how easily it came back, muscle memory in the brain I guess
tried to emerge lbxcrypt, stopped because it needed perl. Tried to run perl, it crashed on missed libcrypt
finally worked out to copy the missing /usr/lib64/libcrypt.so files from the livecd (usb) to the chroot. Note libxcrypt is libxcrypt.so.2
made the missing .so symlinks and emerged libxcrypt
aborted as it was sharing files with the old glibc -- turned FEATURES= "-collision-detect" on and it installed fine
now emerging enough packages hopefully to fix all the broken libcrypt linkages before an emerge everything _________________ User 33374 |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|