We had a requirement to upgrade to Solaris 10 update 10. This was done to impose new password restrictions. So if I am logged into a machine with the new Solaris, the shadow file looks like this:
user:BnkEzDH.TQR2c:15734:7:60::35::
If I change the password:
user:$6$eOHd4.xw$Wmf8X/UZpkfvyZ2MAbnqsHMpAIHvWDCEaA3bWZBbacC.Rm.a8cdQTVYd0JlrCR3ezCbx5U/pbcnn2aYkfcfBM/:15734:7:60::35::
After I change I cannot log back in. If I go back and change shadow to its original entry, I can then log in. It appears to me, the the log in, is not using the same encryption as the password generation.
How come the two are not in sync?
I don't have access to Solaris, but I'll try to help anyway --
Likely /etc/login.defs or your PAM setup, if Solaris uses either of these.
if you grep for "pam_unix.so" in /etc/pam.d or a /etc/pam.conf, it should have sha512 for the newer password to work.
from a debian/linux machine:
password [success=1 default=ignore] pam_unix.so obscure sha512
1 Like
OK, thank you. I will give it a look tomorrow, since I am not at the machine. Thanks.
The machine is in Arizona and I was under the impression the Sol 10 box had been upgraded. Today I did a more on /etc/release and found out it hadn't. So the policy.conf had been changed, but the OS didn't know how to handle it. After the suspect machine was upgraded, the problem was resolved. Thanks.