on Runnning passwd command on HPUX 11.23
I am getting
pam_chauthtok: Shared object load failure.
Pls help ...
Has the pam.conf got changed ?
-- The following answer was provided by a user on those forums: --
Check your pam.conf is modified or pam_chauthtok may corrupted .. 
unable to figureout . might be someone tinkered withthe pam.conf .
seems reinstallation is the only solution
thanks the geek and katb .. I had checked the HP forum that you hyperlinked .. still clueless
pam_chauthtok doesnt exist on our system 
Okay, REMOVE the line in pam.conf that refers to pam_chauthtok. It's probably unnecessary.
Look, PAM has three parts: a configuration file, a set of modules which do the hard work, and an API for applications (like "passwd" and "login") to interface to. Each application can use PAM how it wants, but there are general guidelines everyone follows. First, each application will go through PAM's "auth" service, which authenticates the user of the application. This is where "passwd" asks for your existing password and then uses each module that is configured in "pam.conf" (for "passwd" program) and invokes the "auth" service for all modules listed in the "auth" service; a failure in any one of the required modules will fail the whole service. Then, the "passwd" program will ask you for your new password (twice) and will then invoke the "password" service for each module listed in pam.conf for the passwd program under the "password" service; again, a failure for any required module will fail the whole service. In your case the failure is for a module failing to load. I suspect the chauthtok module is not really needed. So you can remove the line in pam.conf that says something like:
passwd password required pam_chauthtok.so
Now, if I'm wrong, one possibility is that passwd will fail "silently". That is, it will tell you it worked, when in fact, no change to the shadow file was actually made. In this case, it might be that pam_chauthtok was removed or that it is another module here that is needed.
Hi otheus ,
following are the contents of my pam.conf file
#
# PAM configuration
#
# Notes:
#
# If the path to a library is not absolute, it is assumed to be
# relative to the directory /usr/lib/security/$ISA/
#
# For PA applications, /usr/lib/security/$ISA/libpam_unix.so.1 is a
# symbolic link that points to the corresponding PA (32 or 64-bit) PAM
# backend library.
#
# The $ISA (i.e. Instruction Set Architecture) token will be replaced
# by the PAM engine with an appropriate directory string.
# See pam.conf(4).
#
# Also note that the use of pam_hpsec(5) is mandatory for some of
# the services. See pam_hpsec(5).
#
# Authentication management
#
login auth required libpam_hpsec.so.1
login auth required libpam_unix.so.1
su auth required libpam_unix.so.1
dtlogin auth required libpam_hpsec.so.1
dtlogin auth required libpam_unix.so.1
dtaction auth required libpam_hpsec.so.1
dtaction auth required libpam_unix.so.1
ftp auth required libpam_hpsec.so.1
ftp auth required libpam_unix.so.1
rcomds auth required libpam_hpsec.so.1
rcomds auth required libpam_unix.so.1
sshd auth required libpam_hpsec.so.1
sshd auth required libpam_unix.so.1
OTHER auth required libpam_unix.so.1
#
# Account management
#
login account required libpam_hpsec.so.1
login account required libpam_unix.so.1
su account required libpam_unix.so.1
dtlogin account required libpam_hpsec.so.1
dtlogin account required libpam_unix.so.1
dtaction account required libpam_hpsec.so.1
dtaction account required libpam_unix.so.1
ftp account required libpam_hpsec.so.1
ftp account required libpam_unix.so.1
rcomds account required libpam_hpsec.so.1
rcomds account required libpam_unix.so.1
sshd account required libpam_hpsec.so.1
sshd account required libpam_unix.so.1
OTHER account required libpam_unix.so.1
#
# Session management
#
login session required libpam_hpsec.so.1
login session required libpam_unix.so.1
dtlogin session required libpam_hpsec.so.1
dtlogin session required libpam_unix.so.1
ftp session required libpam_hpsec.so.1 bypass_limit_login bypass_umask bypass_nologin
ftp session required libpam_unix.so.1
rcomds session required libpam_hpsec.so.1 bypass_limit_login
rcomds session required libpam_unix.so.1
sshd session required libpam_hpsec.so.1
sshd session required libpam_unix.so.1
OTHER session required libpam_unix.so.1
#
# Password management
#
login password required libpam_hpsec.so.1
login password required libpam_unix.so.1
passwd password required libpam_hpsec.so.1
passwd password required libpam_unix.so.1
dtlogin password required libpam_hpsec.so.1
dtlogin password required libpam_unix.so.1
sshd password required libpam_hpsec.so.1
sshd password required libpam_unix.so.1
OTHER password required libpam_unix.so.1
I commented the line " passwd password required libpam_unix.so.1 "
But it didnt help.. Also we dont have /etc/shadow file nor /etc/pam_chauthtok . Ii verified the other servers also ..
Pls help
That line should STAY in.
I don't understand why you have no shadow file. Perhaps this is not a feature in HPUX. /etc/pam_chauthtok wouldn't exist. Is there a /etc/pam.d/passwd file?
Now that I've seen your pam.conf file, tThe whole thing sounds fishy. I'll bring this one to the attention of someone more versant in HPUX than myself.
Hi otheus
/etc/pam.d/passwd file also doesn't exist .
I checked on all servershere running HP -UX 11.23
Ah, try adding these lines:
passwd auth required libpam_hpsec.so.1
passwd auth required libpam_unix.so.1
passwd account required libpam_hpsec.so.1
passwd account required libpam_unix.so.1
Hi otheus
Thanks for all the pains you are taking but still on adding these four lines the error message doesn't gets dispalyed but the passwd command doesnt run ..
Just to verify I did an echo $? which returned a non zero (1) response code after i executed passwd command
pam_chauthtok: Shared object load failure this message is suppressed now but still the passwd command doesnt work ..
Pls help
So the command runs but now does nothing except exit with error-status of 1, right?
yes otheus , absolutely correct
So we're getting closer to the solution, but I'm really lost. See if this link is relevant to you at all: Help -
thanks otheus .. but it seems reinstallation is the only solution
Will wait for a day or two and then I will get on with the reinstallation ..
thanks