Linux authentication token lock busy

DESCRIPTION

PAM is a system of libraries that handle the authentication tasks of applications (services) on the system. The library provides a stable general interface (Application Programming Interface — API) that privilege granting programs (such as login(1) and su(1)) defer to to perform standard authentication tasks.

Initialization and Cleanup

The pam_start(3) function creates the PAM context and initiates the PAM transaction. It is the first of the PAM functions that needs to be called by an application. The transaction state is contained entirely within the structure identified by this handle, so it is possible to have multiple transactions in parallel. But it is not possible to use the same handle for different transactions, a new one is needed for every new context.

The pam_end(3) function terminates the PAM transaction and is the last function an application should call in the PAM context. Upon return the handle pamh is no longer valid and all memory associated with it will be invalid. It can be called at any time to terminate a PAM transaction.

Authentication

The pam_authenticate(3) function is used to authenticate the user. The user is required to provide an authentication token depending upon the authentication service, usually this is a password, but could also be a finger print.

The pam_setcred(3) function manages the user’s credentials.

Account Management

The pam_acct_mgmt(3) function is used to determine if the user’s account is valid. It checks for authentication token and account expiration and verifies access restrictions. It is typically called after the user has been authenticated.

Password Management

The pam_chauthtok(3) function is used to change the authentication token for a given user on request or because the token has expired.

Session Management

The pam_open_session(3) function sets up a user session for a previously successful authenticated user. The session should later be terminated with a call to pam_close_session(3).

Conversation

The PAM library uses an application-defined callback to allow a direct communication between a loaded module and the application. This callback is specified by the struct pam_conv passed to pam_start(3) at the start of the transaction. See pam_conv(3) for details.

Data Objects

The pam_set_item(3) and pam_get_item(3) functions allows applications and PAM service modules to set and retrieve PAM information.

The pam_get_user(3) function is the preferred method to obtain the username.

The pam_set_data(3) and pam_get_data(3) functions allows PAM service modules to set and retrieve free-form data from one invocation to another.

Environment and Error Management

The pam_putenv(3), pam_getenv(3) and pam_getenvlist(3) functions are for maintaining a set of private environment variables.

The pam_strerror(3) function returns a pointer to a string describing the given PAM error code.

RETURN VALUES

The following return codes are known by PAM:

Источник

Сброс пароля root в Linux

Иногда в жизни бывают такие случаи когда необходимо сбросить рутовый пароль. Это можно сделать через консоль без всяких дополнительных дисков (LiveCD, WinPE…) В качестве примера берем дистрибутив Red Hat Enterprise Linux 5.

При начальной загрузки операционной системы нажимаем ENTER и попадаем в меню grub (У Вас он может чуть-чуть выглядит иначе)

Выбираем нужное нам ядро (в данном случаем оно одно), нажимаем клавишу ‘ e ‘, для редактирования ядра.

В меню редактирования выбираем строчку:

kernel /vmlinuz-2.6.18-92.el5 ro root=LABEL=/

Нажимаем для редактирования параметров клавишу ‘ e ‘.

И редактируем выше указанную строчку:

kernel /vmlinuz-2.6.18-92.el5 rw root=/dev/sda1 init=/bin/bash

1. Вместо параметра ro, пишем rw.

2. Вместо root=LABEL=/ , пишем root=/dev/sdaX (вместо X — вашу цифру раздела, на котором расположен корень, как правило это либо 1, либо 2).

3. Добавляем в конце строчки init=/bin/bash (либо /bin/sh).

Далее жмем ENTER и выходим в предыдущее меню, где жмем клавишу ‘ b ‘ , для загрузки нашей редакции.

Происходит загрузка системы и если все сделано правильно мы попадаем в командную строчку:

#passwd (меняем пароль руту)

Если вы все сделали правильно, то вы должны увидеть следующую строчку:

Если вместо строки : all authentication token update successfully, вы увидите all authentication token lock busy — это означает что, пароль не был изменен на новый, так как файловая системы находиться в режиме только чтение. Иными словами ищите ошибки при монтировании и перемонтировании файловой системы.

Далее выполняем перезагрузку.

На этом все, обновленный пароль рута готов к использованию!

Источник

Thread: passwd: Authentication token lock busy

Banned

passwd: Authentication token lock busy SOLVED

passwd for users doesn’t work; I obtain this messege:

The fs is mounted rw, so mount -o remount,rw didn’t solved.
passwd from root works fine. Users can’t change theyr password.

Caffeine Fueled

Join Date Mar 2006 Location Williams Lake Beans 33,172 —> Beans Hidden! Distro Ubuntu Development Release

Re: passwd: Authentication token lock busy

Banned

Re: passwd: Authentication token lock busy

Originally Posted by cariboo907

Short on info? What do you need to know more?

It’s a server, so no X, No «System Prefs Whatsoever» stuff.

Users on the system can’t use «passwd» to change their own password.
Only root can do it.

asbesto@commercialista7:~$ uname -a
Linux commercialista7 2.6.26-2-686 #1 SMP Thu May 28 15:39:35 UTC 2009 i686 GNU/Linux
asbesto@commercialista7:~$
asbesto@commercialista7:~$ passwd
Changing password for asbesto.
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
passwd: Authentication token lock busy
passwd: password unchanged
asbesto@commercialista7:~$
asbesto@commercialista7:~$ su —
Password:
root@commercialista7:~# passwd asbesto
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@commercialista7:~#

p.s. Can be something PAM-related? A lock file somewhere?

Источник

Linux authentication token lock busy

• The number one in Linux and UNIX Health Checks
• Run hundreds of checks on your system in minutes
• Available for AIX and Red Hat Enterprise Linux

«It’s all about the ways clients can deploy Linux and UNIX systems to improve business performance.»

Authentication token lock busy

If you run into an error: «passwd: Authentication token lock busy» (E.g. on a RHEL server while trying to update the root password), then probably the root file system is set to read-only mode. You can make it read-write, by doing:

UNIX Health Check delivers software to scan Linux and AIX systems for potential issues. Run our software on your system, and receive a report in just a few minutes. UNIX Health Check is an automated check list. It will report on perfomance, capacity, stability and security issues. It will alert on configurations that can be improved per best practices, or items that should be improved per audit guidelines. A report will be generated in the format you wish, and the report includes the issues discovered and information on how to solve the issues as well.

Interested in learning more?

• Try a demo version
• Order UNIX Health Check
• Contact us

Order

No time to lose? Need to know what’s wrong with
your UNIX system now? Then get started TODAY!

Topics

• AIX (231)
• Backup & restore (42)
• DB2 (6)
• Docker (1)
• EMC (13)
• EMC Networker (3)
• Fun (3)
• GPFS (10)
• Hardware (12)
• HMC (15)
• HP Output Server (17)
• IBM Content Manager (20)
• Installation (30)
• Kubernetes (1)
• Logical Partitioning (6)
• LVM (16)
• Monitoring (15)
• Networking (32)
• NIM (12)
• ODM (4)
• Oracle (3)
• Performance (13)
• PowerHA / HACMP (31)
• Red Hat / Linux (103)
• SAN (20)
• Scripting (3)
• SDD (7)
• Security (45)
• Spectrum Protect (18)
• SSA (3)
• Storage (51)
• Sun Solaris (3)
• System Admin (249)
• Veritas NetBackup (1)
• Virtual I/O Server (5)
• Virtualization (11)
• VMWare (1)
• WebSphere (6)
• X11 (1)

This website is owned and operated by UNIX Health Check and protected by copyright. The material and information on this website may not be sold, duplicated on other websites or in any other forms, incorporated in commercial documents or products, or used for promotional purposes, without the prior written approval of UNIX Health Check.

Источник

Linux authentication token lock busy

The pam_chauthtok() function is called to change the authentication token associated with a particular user referenced by the authentication handle pamh .

The following flag may be passed in to pam_chauthtok() :

PAM_SILENT The password service should not generate any messages.

PAM_CHANGE_EXPIRED_AUTHTOK The password service should only update those passwords that have aged. If this flag is not passed, all password services should update their passwords.

PAM_NO_AUTHTOK_CHECK The password service should not perform conformance checks on the password entered.

Upon successful completion of the call, the authentication token of the user will be changed in accordance with the password service configured in the system through pam.conf (4).

RETURN VALUES

Upon successful completion, PAM_SUCCESS is returned. In addition to the error return values described in pam (3PAM), the following values may be returned:

PAM_PERM_DENIED No permission.

PAM_AUTHTOK_ERR Authentication token manipulation error.

PAM_AUTHTOK_RECOVERY_ERR Authentication information cannot be recovered.

PAM_AUTHTOK_LOCK_BUSY Authentication token lock busy.

PAM_AUTHTOK_DISABLE_AGING Authentication token aging disabled.

PAM_USER_UNKNOWN User unknown to password service.

PAM_TRY_AGAIN Preliminary check by password service failed.

ATTRIBUTES

See attributes (5) for description of the following attributes:

ATTRIBUTE TYPE ATTRIBUTE VALUE Interface Stability Stable MT-Level

SEE ALSO

login (1), passwd (1), pam (3PAM), pam_authenticate (3PAM), pam_start (3PAM), attributes

NOTES

The flag PAM_CHANGE_EXPIRED_AUTHTOK is typically used by a login application which has determined that the user’s password has aged or expired. Before allowing the user to login, the login application may invoke pam_chauthtok() with this flag to allow the user to update the password. Typically, applications such as passwd (1) should not use this flag.

The pam_chauthtok() functions performs a preliminary check before attempting to update passwords. This check is performed for each password module in the stack as listed in pam.conf (4). The check may include pinging remote name services to determine if they are available. If pam_chauthtok() returns PAM_TRY_AGAIN , then the check has failed, and passwords are not updated.

The flag PAM_NO_AUTHTOK_CHECK is typically used by programs that allow an administrator to bypass various password conformance checks when setting a password for a user.

The interfaces in libpam are MT-Safe only if each thread within the multithreaded application uses its own PAM handle.

Источник