Login issues

bitlord · October 4, 2012, 11:24am

Hello,
I'm having trouble logging into some of my servers. I can log into all my servers if I'm using my ssh agent, but if I use my password, the login fails on some servers. If I become root and then become anther user and then try to su - to anther user using a password it fails.

When something breaks the 1st thing you check is the last change. The last change was this. I moved all the servers from using md5 hashes for shoring our passwords to sha512. I looked in /etc/security/crypt.conf and /etc/security/policy.conf which are the files that where changed. They are the same when compared to each other. So I don't know why some servers are work and others are not.

I did notice that on the servers that where not working had CRYPT_ALGORITHMS_ALLOW=1,2a,md5 instead of CRYPT_ALGORITHMS_ALLOW=1,2a,md5,5,6. I have corrected this and I'm still having issues.

By the way all the servers are Solaris 10

Any ideas. Any help would be great.

DGPickett · October 4, 2012, 3:13pm

Have you been using -v so you have verbose progress information. With a more specific problem, Google will help us more.

You should have ssh in your title. Soilaris and login is still a bit vague.

bitlord · October 4, 2012, 3:37pm

I did to do a

ssh -v server

This what it said after I did that.

password:
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publicey,keyborad-interactive
debug1: Next authentication method: keyborad-interactive
password:

Also it is not really a ssh issue. If I become root and then become anther user. And then tried to su - to the user with the sha512 hash I would not be able to become that user.

DGPickett · October 5, 2012, 11:57am

Run id as you got through each step to see the id and efffective id. Root might be surviving as an effective id.

bitlord · October 5, 2012, 1:00pm

I think I have the answer. The Solaris 10 servers that are having the issue are older servers. The newer builds are not heaving the issue. It looks like the older servers need a patch. I downloaded the patch 140905-02 and installed it on the older servers. I'm just waiting on permission to restart the server so the patch can take affect.

bitlord · October 9, 2012, 9:39am

I have rebooted the server and all is working fine.
Thank you to all of you that looked at this issue.