Hello everyone,
I'm seeking assistance with an issue I've encountered on my Arch Linux hardened setup. I have installed Arch many, many times without issue before; however, this is admittedly my first time installing Arch with full-disk encryption, running the linux-hardened kernel with LVM+LUKS+BTRFS.
I have finished the install, rebooted, removed the live media, and booted up into my LUKS LVM encrypted volume and logged in as root. Here's a brief overview of my environment and what I've done so far:
Installed Packages: base, linux-hardened, linux-firmware, lvm2, btrfs-progs, and sudo
Root Access: I can log in as root without any problems.
User Access: I can't log in as user, whether or not I define a password with the password switch:
useradd -m -s /usr/bin/bash <username> -p <pass>
su User Access: I can su from root to the new user. When I try to change the password while operating as the user, the user authentication always fails whether a password is set or not.
User Management: Creating and deleting users works fine.
Issue: When I log in as root, create a new user, and attempt to use the passwd command to change the user's password, I receive the following error:
passwd: Authentication failure
passwd: password unchanged
Troubleshooting Steps Taken:
After some googling, I found similar issues, but none with the exact situation I am facing. Mostly the issues were described as being related to the root partition being read-only, which is NOT my situation. My root partition is correctly mounted as read-write.
Other issues found while googling seemed to indicate a problem with the permissions on /usr/bin/passwd, which I also verified is not what is causing my issue.
Root Partition: Confirmed that my root partition is mounted as read-write (rw).
passwd Permissions: Checked the permissions of the passwd application:
ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 80800 Jan 16 02:06 /usr/bin/passwd
Despite these steps, the issue persists. I haven't encountered this before and am unsure how to proceed. Any advice or suggestions would be greatly appreciated. Thank you in advance for your help!
Best regards,
Last edited by OkDragonfruit1929 (2024-01-28 15:17:47)
Offline
I should have done some more searching. The issue is related to a known bug in pam 1.6.0-3 https://bbs.archlinux.org/viewtopic.php?id=292113
wget https://archive.archlinux.org/packages/p/pam/pam-1.5.3-3-x86_64.pkg.tar.zst
sudo pacman -U pam-1.5.3-3-x86_64.pkg.tar.zst
This resolved the problem
The issue was resolved
Offline
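The checks from the first two posts (root mounted rw, setuid bit on /usr/bin/passwd, installed pam release) collected into one script, as an added example that is not part of the thread; all function names are hypothetical. It also classifies the user's shadow field, because useradd -p stores its argument as-is and expects a crypt(3) hash; the classifier assumes modern $id$-style hashes.

```shell
#!/bin/sh
# Added example: triage for "passwd: Authentication failure", following the
# checks made in this thread. Function names are hypothetical.

# Print "rw" or "ro" for the last "/" entry of a mounts table
# (default: /proc/mounts, where the first option is always rw or ro).
root_mount_mode() {
    awk '$2 == "/" { split($4, o, ","); m = o[1] } END { print m }' \
        "${1:-/proc/mounts}"
}

# Succeed if a mode string (ls -l / stat -c %A) and owner describe a
# setuid-root binary, e.g. "-rwsr-xr-x" "root".
is_setuid_root() {
    case "$1" in
        ???s*) [ "$2" = root ] ;;
        *)     return 1 ;;
    esac
}

# Succeed if the given version is the pam release reported broken here.
pam_is_affected() { [ "$1" = "1.6.0-3" ]; }

# Classify a shadow(5) password field. A plaintext string written by
# "useradd -p <pass>" is not a crypt(3) hash and comes out as "invalid".
# Assumption: only $id$-style hashes count as valid (no legacy DES).
shadow_field_state() {
    case "$1" in
        '')        echo empty ;;
        '!'*|'*'*) echo locked ;;
        '$'*'$'*)  echo hash ;;
        *)         echo invalid ;;
    esac
}

# Live run (as root, since reading shadow needs it): ./triage.sh --live <user>
if [ "${1:-}" = "--live" ]; then
    user=${2:?usage: $0 --live <username>}
    echo "root mount:   $(root_mount_mode)"
    # Unquoted on purpose: stat prints "<mode> <owner>" as two words.
    if is_setuid_root $(stat -c '%A %U' /usr/bin/passwd); then
        echo "passwd:       setuid root"
    else
        echo "passwd:       NOT setuid root"
    fi
    ver=$(pacman -Q pam | awk '{ print $2 }')
    if pam_is_affected "$ver"; then s="affected"; else s="not affected"; fi
    echo "pam $ver: $s"
    field=$(getent shadow "$user" | cut -d: -f2)
    echo "shadow field: $(shadow_field_state "$field")"
fi
```

If the first three checks match what the first post reports (rw, setuid root, pam 1.6.0-3) and the shadow field is a hash, the remaining suspect is the pam release itself.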
Does the proposed fix for https://gitlab.archlinux.org/archlinux/ … -/issues/3 resolve this issue? See Patching_packages#Applying_patches.
Diff of changes to apply patch and increment pkgrel:
diff --git a/PKGBUILD b/PKGBUILD
index 9373b09..d2ac947 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -4,7 +4,7 @@
pkgname=pam
pkgver=1.6.0
-pkgrel=3
+pkgrel=3.1
pkgdesc="PAM (Pluggable Authentication Modules) library"
arch=('x86_64')
license=('GPL2')
@@ -14,6 +14,7 @@ makedepends=('flex' 'w3m' 'docbook-xml>=4.4' 'docbook-xsl')
provides=('libpam.so' 'libpamc.so' 'libpam_misc.so')
backup=(etc/security/{access.conf,faillock.conf,group.conf,limits.conf,namespace.conf,namespace.init,pwhistory.conf,pam_env.conf,time.conf} etc/environment)
source=(https://github.com/linux-pam/linux-pam/releases/download/v$pkgver/Linux-PAM-$pkgver{,-docs}.tar.xz{,.asc}
+ https://github.com/linux-pam/linux-pam/pull/757.patch
$pkgname.tmpfiles)
validpgpkeys=(
'8C6BFD92EE0F42EDF91A6A736D1A7F052E5924BB' # Thorsten Kukuk
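Review bot: The new source entry https://github.com/linux-pam/linux-pam/pull/757.patch points at a pull request, not a fixed commit, so the bytes behind it change whenever the PR branch is updated. Unlike the release tarballs in the same array, which come with .asc signatures checked against validpgpkeys, this file is covered only by the sha256 added further down, so a changed PR fails the integrity check and the build stops being reproducible. Suggest a commit-pinned patch URL and a descriptive local name via makepkg's name::url form (for example pam-pr757.patch::<url>), with the -i argument in prepare() updated to match.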
@@ -24,10 +25,15 @@ sha256sums=('fff4a34e5bbee77e2e8f1992f27631e2329bcbf8a0563ddeb5c3389b4e3169ad'
'SKIP'
'3e82730d3350795c42f3708f6609a92c1df841d518aa17c28fd702fe5ec23a32'
'SKIP'
+ 'a3ef5a353fffa008dfbd745f4aa2913320541240987fb4a9c047f64a9f2a5ee3'
'5631f224e90c4f0459361c2a5b250112e3a91ba849754bb6f67d69d683a2e5ac')
options=('!emptydirs')
+prepare() {
+ patch -Np1 -i ../757.patch -d Linux-PAM-$pkgver
+}
+
build() {
cd Linux-PAM-$pkgver
./configure \
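Review bot: In prepare(), -i ../757.patch resolves only because patch changes into the -d directory before it opens the input file, which is easy to break on a later edit. Suggest mirroring build() with cd Linux-PAM-$pkgver followed by patch -Np1 -i "$srcdir/757.patch". The new checksum is placed correctly: it is the fifth sha256sums entry, matching the patch's position in source after the two tarballs and their .asc files.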
Built package with the above applied:
https://drive.google.com/file/d/1Iwv9hh … sp=sharing pam-1.6.0-3.1-x86_64.pkg.tar.zst
Offline
\o/
Please always remember to mark resolved threads by editing your initial posts subject - so others will know that there's no task left, but maybe a solution to find.
Thanks.
Offline
How does downgrading a package, preventing an important update, solve the issue? This seems to affect linux-hardened, not the default kernel.
Offline
The issue is related to a known bug in pam 1.6.0-3
It's immediately solved by mitigation and long term by fixing that bug.
https://github.com/linux-pam/linux-pam/ … 1908630169
Offline
This issue seems to only happen with pam 1.6.0-3 and linux-hardened, though.
Offline
If https://github.com/linux-pam/linux-pam/pull/757 does not address the issue, that needs to be reported to upstream PAM.
Offline
No? How do you get that idea?
Offline
By trying. passwd works with the default kernel, not with linux-hardened. All installations based on linux-hardened are broken atm, because of this. And downgrading pam is far from ideal in this case.
Offline
If https://github.com/linux-pam/linux-pam/pull/757 does not address the issue, that needs to be reported to upstream PAM.
I applied the patch to pam 1.6.0-3. It does not solve the issue.
Offline
By trying. passwd works with the default kernel, not with linux-hardened. All installations based on linux-hardened are broken atm, because of this. And downgrading pam is far from ideal in this case.
Is the issue still present after applying https://github.com/linux-pam/linux-pam/pull/757? The issue can also be triggered by openvpn without the linux-hardened requirement, assuming it is the same issue.
Offline
woodwose wrote: By trying. passwd works with the default kernel, not with linux-hardened. All installations based on linux-hardened are broken atm, because of this. And downgrading pam is far from ideal in this case.
Is the issue still present after applying https://github.com/linux-pam/linux-pam/pull/757? The issue can also be triggered by openvpn without the linux-hardened requirement, assuming it is the same issue.
Edit:
I applied the patch to pam 1.6.0-3. It does not solve the issue.
Posting at the same time. Ideally you need to bisect pam between 1.5.3 and 1.6.0 or start with https://github.com/linux-pam/linux-pam/ … e1001878be and its parent to see which commit introduced the issue.
Edit2:
Or try reverting https://github.com/linux-pam/linux-pam/ … e1001878be
Last edited by loqs (2024-01-28 16:01:20)
Offline