I encountered a couple of strange events with respect to password authentication this morning. Two of our staff were unable to login onto several systems using their usual passwords. Both users had last logged in on these hosts using their accounts and passwords on Friday past.

The two accounts could not log on to any of the servers for which they had access and the message log on each showed that access was denied for a failed password. The systems involved were running either CentOS-4.9 or CentOS-5.7. So, the effect was uniform across multiple hardware and software platforms. I also checked these accounts against our warm backup machine and encountered the same problems for both.

I verified that the passwords being used were correct for the accounts. I also verified that neither of the passwords had been reset in some months and there were no expiry dates set for the accounts.

I would accept the coincidence of both forgetting their passwords except for the fact that each had kept a record of their password in their wallets and I was able to confirm those values against our records as well.

Resetting both the passwords to their current values using the passwd utility on each system corrected the problem insofar as the users were concerned. However, I am somewhat perplexed as to the reason for their passwords to stop working in the first place. Is anyone here aware of any reason why this might happen?

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

James B. Byrne wrote:
> I encountered a couple of strange events with respect to
> password authentication this morning. Two of our staff
> were unable to login onto several systems using their
> usual passwords. Both users had last logged in on these
> hosts using their accounts and passwords on Friday past.
<snip>
> Resetting both the passwords to their current values using
> the passwd utility on each system corrected the problem
> insofar as the users were concerned. However, I am
> somewhat perplexed as to the reason for their passwords to
> stop working in the first place. Is anyone here aware of
> any reason why this might happen?

Is it possible that they'd logged into something else first, and had multiple credentials, and the systems were trying to get those first?

        mark

On Tue, Jan 03, 2012 at 10:30:38AM -0500, James B. Byrne wrote:
> I encountered a couple of strange events with respect to
> password authentication this morning. Two of our staff
> were unable to login onto several systems using their
> usual passwords. Both users had last logged in on these
> hosts using their accounts and passwords on Friday past.
>
> The two accounts could not log on to any of the servers
> for which they had access and the message log on each
> showed that access was denied for a failed password. The
> systems involved were running either CentOS-4.9 or
> CentOS-5.7. So, the effect was uniform across multiple
> hardware and software platforms. I also checked these
> accounts against our warm backup machine and encountered
> the same problems for both.
>
> I verified that the passwords being used were correct for
> the accounts. I also verified that neither of the passwords
> had been reset in some months and there were no expiry
> dates set for the accounts.
>
> I would accept the coincidence of both forgetting their
> passwords except for the fact that each had kept a record
> of their password in their wallets and I was able to
> confirm those values against our records as well.
>
> Resetting both the passwords to their current values using
> the passwd utility on each system corrected the problem
> insofar as the users were concerned. However, I am
> somewhat perplexed as to the reason for their passwords to
> stop working in the first place. Is anyone here aware of
> any reason why this might happen?

Any chance it is something as basic as the caps lock key getting hit unbeknownst to the users? It has happened to me a number of times - especially on my current keyboard which does not have an indicator light.

////jerry

The /etc/shadow file has fields that control account login properties. The
following is out of the man file for /etc/shadow:

struct spwd {
    char *sp_namp;   /* user login name */
    char *sp_pwdp;   /* encrypted password */
    long sp_lstchg;  /* last password change */
    int  sp_min;     /* days until change allowed. */
    int  sp_max;     /* days before change required */
    int  sp_warn;    /* days warning for expiration */
    int  sp_inact;   /* days before account inactive */
    int  sp_expire;  /* date when account expires */
    int  sp_flag;    /* reserved for future use */
};

Could it be that the expiration field was set such that the passwords
expired?

-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of James B. Byrne
Sent: 03 January 2012 17:31
To: centos at centos.org
Subject: [CentOS] Passwords apparently stopped working.
I encountered a couple of strange events with respect to
password authentication this morning. Two of our staff
were unable to login onto several systems using their
usual passwords.  Both users had last logged in on these
hosts using their accounts and passwords on Friday past.
The two accounts could not log on to any of the servers
for which they had access and the message log on each
showed that access was denied for a failed password.  The
systems involved were running either CentOS-4.9 or
CentOS-5.7.  So, the effect was uniform across multiple
hardware and software platforms.  I also checked these
accounts against our warm backup machine and encountered
the same problems for both.
I verified that the passwords being used were correct for
the accounts.  I also verified that neither of the passwords
had been reset in some months and there were no expiry
dates set for the accounts.
I would accept the coincidence of both forgetting their
passwords except for the fact that each had kept a record
of their password in their wallets and I was able to
confirm those values against our records as well.
Resetting both the passwords to their current values using
the passwd utility on each system corrected the problem
insofar as the users were concerned.  However, I am
somewhat perplexed as to the reason for their passwords to
stop working in the first place. Is anyone here aware of
any reason why this might happen?
_______________________________________________
CentOS mailing list
CentOS at centos.org
http://lists.centos.org/mailman/listinfo/centos
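
The aging, inactivity and expiry fields listed in the reply above can be checked per account. The following is an added example, not code from any poster in this thread: it parses shadow-format lines and reports which field, if any, would block a password login on a given day. The function names and sample entries are constructed, and the exact boundary day for each comparison is an assumption, since it differs slightly between implementations.

```python
from datetime import date

EPOCH = date(1970, 1, 1)  # shadow date fields count days from here

def login_blockers(line, today):
    """List the reasons one shadow-format line would block a password login."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError("a shadow entry has 9 colon-separated fields")
    pwd = fields[1]
    # Empty numeric fields mean the corresponding check is disabled (-1 here).
    nums = [int(x) if x.strip() else -1 for x in fields[2:8]]
    lstchg, _min, maxdays, _warn, inact, expire = nums
    now = (today - EPOCH).days
    reasons = []
    if pwd.startswith(("!", "*")):
        reasons.append("password locked or unusable (sp_pwdp)")
    if expire > 0 and now >= expire:
        reasons.append("account expired (sp_expire)")
    if lstchg == 0:
        reasons.append("password change forced at next login (sp_lstchg)")
    elif lstchg > 0 and maxdays >= 0:
        age = now - lstchg
        if age > maxdays:  # assumed boundary; implementations differ by a day
            reasons.append("password aged out (sp_lstchg + sp_max)")
            if inact >= 0 and age > maxdays + inact:
                reasons.append("inactivity grace elapsed (sp_inact)")
    return reasons

# Constructed sample entries; the hash strings are placeholders.
SAMPLE = [
    "alice:$1$constructed$placeholder:15100:0:99999:7:::",
    "bob:$1$constructed$placeholder:15100:0:90:7:14::",
    "carol:$1$constructed$placeholder:15100:0:99999:7::15330:",
    "dave:!$1$constructed$placeholder:15100:0:99999:7:::",
    "erin:$1$constructed$placeholder:0:0:99999:7:::",
]

def audit(lines, today):
    """Map each login name to its list of blocking reasons."""
    return {l.split(":", 1)[0]: login_blockers(l, today) for l in lines}

if __name__ == "__main__":
    for user, why in audit(SAMPLE, date(2012, 1, 3)).items():
        print(user, "->", "; ".join(why) or "no lock, aging or expiry reason")
```

Running passwd updates the last-change field, so a reset clears the aging and forced-change cases but not an sp_expire date.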