#3567 OS X Password lost when changing user shell

1.500
closed
5
2011-06-24
2009-12-15
Anonymous
No

Environment:
OS: Darwin 2009 = Mac OS X 10.6.2

When using Webmin module > System > Users and Groups > Edit User
and changing the shell, for instance from /bin/bash to /bin/zsh, this specific user can no longer log in with his password via ssh.

Console shows:
15-12-09 01:12:02 sshd[9723] in pam_sm_authenticate(): Failed to determine Kerberos principal name.
15-12-09 01:12:02 sandboxd[9724] sshd(9722) deny mach-per-user-lookup
15-12-09 01:12:02 sandboxd[9724] sshd(9722) deny mach-per-user-lookup
15-12-09 01:12:02 sandboxd[9724] sshd(9722) deny mach-per-user-lookup
15-12-09 01:12:02 sandboxd[9724] sshd(9722) deny mach-per-user-lookup
15-12-09 01:12:02 sandboxd[9724] sshd(9722) deny mach-per-user-lookup
15-12-09 01:12:05 sshd[9721] error: PAM: authentication error for %%username%% from %%hostname.domain.tld%% via %%ip.add.re.ss%%

Workaround: when resetting the user's password from Mac OS X > Control Panel > Accounts > to the old password, the user can log in again.

Discussion

  • Jamie Cameron

    Jamie Cameron - 2009-12-15

    Does this only happen when you change the shell, or does it occur for any user information change, like the description?

    Also, when you edit a user, is the "Pre-encrypted password" field filled in with his password hash?

     
  • cj0

    cj0 - 2009-12-22

    1. There is no description field for a user in Webmin, so I cannot test that.
    2. When changing the 'real name', the user can no longer log in. Note that "Password" 'No password required' is selected (<- this might be causing the problem). When setting a normal password, the user is able to log in again. Maybe the default should be changed, to save the earlier set password on Mac OS X level.
    3. The pre-encrypted password field is not filled: it is empty.
    4. Only 50% of the user base has a pre-encrypted password visible within Webmin.

    BTW: This machine was an OS X 10.5 machine, being upgraded to 10.6

     
  • Jamie Cameron

    Jamie Cameron - 2009-12-24

    Ok, this may be caused by some change in the storage of hashed passwords in OSX 10.6, which I haven't tested on yet. Older versions used a per-user file in the directory /var/db/shadow/hash to get the current hash from ... does OSX 10.6 have that directory?

     
  • Jamie Cameron

    Jamie Cameron - 2011-06-24

    Closing due to comment spam

     
  • Jamie Cameron

    Jamie Cameron - 2011-06-24
    • status: open --> closed
     
