Thread: (ldap) passwd: Authentication information cannot be recovered

  1. #1
    Join Date
    Mar 2007
    Beans
    13

    (ldap) passwd: Authentication information cannot be recovered

    We use ldap for authentication and have been for several years now. On new installs (10.04) we are using the ldap-auth-client and related packages. Logins using the new system have worked fine but when trying to change a password it won't work.

    Code:
    $ passwd
    Enter login(LDAP) password: 
    passwd: Authentication information cannot be recovered
    passwd: password unchanged

    And in /var/log/auth.log (hostname and username have been masked):

    Code:
    Dec  7 09:41:14 HOSTNAME passwd[5238]: pam_unix(passwd:chauthtok): user "USERNAME" does not exist in /etc/passwd

    Running 'getent passwd' works as expected, returning passwd lines for all ldap users. On servers I upgraded to 10.04 from 8.04 they still used a more manual setup and I can change passwords from those servers fine.

    (edit) Didn't see the "mark as solved" option in menu
    Last edited by vrillusions; December 9th, 2010 at 03:50 PM.

  2. #2
    Join Date
    May 2007
    Location
    Phoenix, Arizona USA
    Beans
    2,909
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: (ldap) passwd: Authentication information cannot be recovered

    What is the content of your /etc/pam.d/common-password file?

    -Tim
    www.pcchopshop.net

    Hard to find and obsolete PC and server parts. "If we can't find it, it probably doesn't exist"

  3. #3
    Join Date
    Mar 2007
    Beans
    13

    Re: (ldap) passwd: Authentication information cannot be recovered

    Code:
    #
    # /etc/pam.d/common-password - password-related modules common to all services
    # -- removed comment header talking about various options --
    
    # here are the per-package modules (the "Primary" block)
    password	[success=2 default=ignore]	pam_unix.so obscure sha512
    password	[success=1 user_unknown=ignore default=die]	pam_ldap.so use_authtok try_first_pass
    # here's the fallback if no module succeeds
    password	requisite			pam_deny.so
    # prime the stack with a positive return value if there isn't one already;
    # this avoids us returning an error just because nothing sets a success code
    # since the modules above will each just jump around
    password	required			pam_permit.so
    # and here are more per-package modules (the "Additional" block)
    password	optional	pam_gnome_keyring.so 
    # end of pam-auth-update config

  4. #4
    Join Date
    May 2007
    Location
    Phoenix, Arizona USA
    Beans
    2,909
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: (ldap) passwd: Authentication information cannot be recovered

    Try removing the use_authtok parameter and save the file. You may need to restart.

    -Tim

  5. #5
    Join Date
    Mar 2007
    Beans
    13

    Re: (ldap) passwd: Authentication information cannot be recovered

    Thanks, that fixed it. Next question, how do I set up pam-auth-config so it knows not to include that? I'll probably end up going back to modifying the files by hand, which won't be too bad if I ever get things automated. Thanks for your help.
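
The change from post #4, as an added example that is not part of the original thread: a small Python parser for the password stack quoted in post #3 that lists rules carrying use_authtok together with the earlier modules they rely on for the new password, and returns the file text with the option removed from pam_ldap.so. The function names and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: the "Primary" block of the password stack from post #3.
SAMPLE = """\
# here are the per-package modules (the "Primary" block)
password\t[success=2 default=ignore]\tpam_unix.so obscure sha512
password\t[success=1 user_unknown=ignore default=die]\tpam_ldap.so use_authtok try_first_pass
password\trequisite\t\t\tpam_deny.so
password\trequired\t\t\tpam_permit.so
"""

# Fields: type, control (keyword or [value=action ...] list), module, arguments.
LINE_RE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_stack(text, pam_type="password"):
    """Return (line_no, control, module, args) for each rule of one PAM type."""
    rules = []
    for no, raw in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(raw.split("#", 1)[0].strip())  # drop comments
        if m and m.group(1) == pam_type:
            rules.append((no, m.group(2), m.group(3), m.group(4).split()))
    return rules

def authtok_dependents(rules):
    """Rules with use_authtok (take the new password from an earlier module
    instead of prompting) and the earlier modules they depend on."""
    found = []
    for i, (no, _control, module, args) in enumerate(rules):
        if "use_authtok" in args:
            found.append((no, module, [r[2] for r in rules[:i]]))
    return found

def drop_use_authtok(text, module="pam_ldap.so"):
    """Remove use_authtok from the named module's password line only."""
    out = []
    for raw in text.splitlines(keepends=True):
        m = LINE_RE.match(raw.split("#", 1)[0].strip())
        if m and m.group(1) == "password" and m.group(3) == module:
            raw = re.sub(r"[ \t]+use_authtok\b", "", raw)
        out.append(raw)
    return "".join(out)

if __name__ == "__main__":
    for no, module, earlier in authtok_dependents(parse_stack(SAMPLE)):
        print(f"line {no}: {module} uses use_authtok, depends on {earlier}")
    print(drop_use_authtok(SAMPLE), end="")
```
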
