Monday 3 October 2016

Troubleshooting the error: "Unexpected failure. Password file/table unchanged." on Solaris 11

I recently did some modifications and a bit of hardening to the zone whose snapshot I use as a sort of template for other zones. While creating users, I found that I wasn't allowed to set their passwords or change the passwords of existing users.
I kept getting "Unexpected failure. Password file/table unchanged." when modifying passwords.

root@ztemplate:/etc/default# passwd test
New Password:
Unexpected failure. Password file/table unchanged.

Now, my first instinct from what I've read pointed me to PAM, but unfortunately the file /etc/pam.conf was unused, i.e. everything was commented out.

After a bit of trial & error I found the issue.

It was a misconfiguration in the /etc/default/passwd file, in the password complexity tunables section:

MINDIFF=3
MINALPHA=2
MINUPPER=2
MINLOWER=2
MAXREPEATS=0
MINSPECIAL=1
MINDIGIT=1
WHITESPACE=YES
MINNONALPHA=1

Actually, the MINNONALPHA parameter cannot be used in conjunction with MINSPECIAL and MINDIGIT.

When I commented out the MINNONALPHA parameter, I was able to update passwords again flawlessly, keeping in line with the password complexity tunables.

Here's a quick description of the above-mentioned tunables:

MAXREPEATS
Maximum number of allowable consecutive repeating characters. If MAXREPEATS is not set or is zero (0), the default is no checks.

MINALPHA
Minimum number of alpha characters required. If MINALPHA is not set, the default is 2.

MINDIFF
Minimum differences required between an old and a new password. If MINDIFF is not set, the default is 3.

MINDIGIT
Minimum number of digits required. If MINDIGIT is not set or is set to zero (0), the default is no checks. You cannot specify MINDIGIT if MINNONALPHA is also specified.

MINLOWER
Minimum number of lower case letters required. If not set or zero (0), the default is no checks.

MINNONALPHA
Minimum number of non-alpha (including numeric and special) required. If MINNONALPHA is not set, the default is 1. You cannot specify MINNONALPHA if MINDIGIT or MINSPECIAL is also specified.

MINSPECIAL
Minimum number of special (non-alpha and non-digit) characters required. If MINSPECIAL is not set or is zero (0), the default is no checks. You cannot specify MINSPECIAL if you also specify MINNONALPHA.

MINUPPER
Minimum number of upper case letters required. If MINUPPER is not set or is zero (0), the default is no checks.

WHITESPACE
Determine if white space characters are allowed in passwords. Valid values are YES and NO. If WHITESPACE is not set or is set to YES, white space characters are allowed.
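
The mutual-exclusion rule in the MINDIGIT, MINNONALPHA and MINSPECIAL descriptions can be checked before a hardened template is snapshotted. The script below is an added example, not part of the original post; the function names are hypothetical, and it assumes that any uncommented NAME=value line counts as "specified", whatever its value.

```shell
#!/bin/sh
# Added example (not from the original post). Assumption: any uncommented
# NAME=value line counts as "specified", whatever its value.

# Print the names of all tunables actively set in the file given as $1.
active_tunables() {
    sed -n 's/^[[:space:]]*\([A-Z][A-Z]*\)=.*/\1/p' "$1"
}

# has_name LIST NAME: succeed if NAME appears as a whole line in LIST.
has_name() {
    printf '%s\n' "$1" | grep -x "$2" >/dev/null
}

# Return 0 if consistent, 1 if MINNONALPHA is combined with MINDIGIT or
# MINSPECIAL, 2 if the file cannot be read. Conflicts are reported on stderr.
check_passwd_tunables() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    names=$(active_tunables "$1")
    has_name "$names" MINNONALPHA || return 0
    conflicts=""
    for t in MINDIGIT MINSPECIAL; do
        if has_name "$names" "$t"; then conflicts="$conflicts $t"; fi
    done
    [ -z "$conflicts" ] && return 0
    echo "$1: MINNONALPHA cannot be combined with:$conflicts" >&2
    return 1
}

# Demo on a constructed copy of the tunables shown in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
MINDIFF=3
MINALPHA=2
MINUPPER=2
MINLOWER=2
MAXREPEATS=0
MINSPECIAL=1
MINDIGIT=1
WHITESPACE=YES
MINNONALPHA=1
EOF
if check_passwd_tunables "$sample"; then echo "tunables consistent"; else echo "fix the file before running passwd"; fi
rm -f "$sample"
```

On a real zone, pass /etc/default/passwd to check_passwd_tunables instead of the constructed sample.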


I hope this helps someone dealing with this error in the future.
