Environment:
OS: Darwin 2009 = Mac OS X 10.6.2
When using Webmin module > System > Users and Groups > Edit User
and change the shell for instance from /bin/bash to /bin/zsh this specific user can no longer login with has password via ssh.
Console shows:
15-12-09 01:12:02 sshd[9723] in pam_sm_authenticate(): Failed to determine Kerberos principal name.
15-12-09 01:12:02 sandboxd[9724] sshd(9722) deny mach-per-user-lookup
15-12-09 01:12:02 sandboxd[9724] sshd(9722) deny mach-per-user-lookup
15-12-09 01:12:02 sandboxd[9724] sshd(9722) deny mach-per-user-lookup
15-12-09 01:12:02 sandboxd[9724] sshd(9722) deny mach-per-user-lookup
15-12-09 01:12:02 sandboxd[9724] sshd(9722) deny mach-per-user-lookup
15-12-09 01:12:05 sshd[9721] error: PAM: authentication error for %%username%% from %%hostname.domain.tld%% via %%ip.add.re.ss%%
Workaround: when resetting the users password from Mac OS X > Control Panel > Accounts > to the old password, the user can login again.
Does this only happen when you change the shell, or does it occur for any user information change, like the description?
Also, when you edit a user, is the "Pre-encrypted password" field filled in with his password hash?
1. There is no description field for a user in webmin, so I cannot test that.
2. When changing the 'real name', the user can no longer login. Note that "Password" 'No password required' is selected. (<- this might be causing the problem); When setting a normal password, the user is able to login again. Maybe the default should be changed, to save the earlier set password on Mac OS X level.
3. The pre-encrypted password field is not filled: it is empty.
4. Only 50% of the user base has a pre-encrypted password visible within Webmin.
BTW: This machine was an OS X 10.5 machine, being upgraded to 10.6
Ok, this may be caused by some change in the storage of hashed passwords in OSX 10.6, which I haven't tested on yet. Older versions used a per-user file in the directory /var/db/shadow/hash to get the current hash from ... does OSX 10.6 have that directory?
Closing due to comment spam