Password reset not working and I have locked down my Centos 7.4

Support for security such as Firewalls and securing linux
Post Reply
v_samadi
Posts: 5
Joined: 2018/08/24 14:27:03

Password reset not working and I have locked down my Centos 7.4

Post by v_samadi » 2019/07/05 16:18:39

I have centos 7.4.1708 on VMWARE.
In order to remove constraints for password length and disable dictionary checking I did some change in 2 OS files i.e. /etc/security/pwquality.conf and /etc/pam.d/system-auth. Eventually after these changes I could not login again into my user profile in Centos.

Rebooting my system in single-user mode according to this tutorial to reset password did not helped and it does not worked and I could not login again and I receive Login Incorrect message for every user and password combination. How should I fix this situation?

Here is contents of configuration files:

/etc/pam.d/system-auth:
Image

/etc/security/pwquality.conf:
Image

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Password reset not working and I have locked down my Centos 7.4

Post by TrevorH » 2019/07/05 17:04:54

What did you use to edit those files?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

v_samadi
Posts: 5
Joined: 2018/08/24 14:27:03

Re: Password reset not working and I have locked down my Centos 7.4

Post by v_samadi » 2019/07/06 09:06:27

I've used 'vi' to edit those files manually.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Password reset not working and I have locked down my Centos 7.4

Post by TrevorH » 2019/07/06 09:12:41

You're going to need to read your logs to find out what the problem is. By the sounds of it, you will need to boot from rescue media to do that if you cannot logon. The install DVD has a Rescue target that's listed off the "Troubelshhoting" menu that appears when it's booted.

I compared your files with mine and couldn't see any obvious differences that would make it fail but I'm no pam expert. I also wonder if you've managed to mangle the selinux contexts on the files while editing them. Running restorecon would fix them if so.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

v_samadi
Posts: 5
Joined: 2018/08/24 14:27:03

Re: Password reset not working and I have locked down my Centos 7.4

Post by v_samadi » 2019/07/06 09:24:52

I did check the logs and disabling SELinux fixed this problem.
But I still don't know what was the reason for this:

Code: Select all

Jul  6 13:40:02 DESIGN_Lab setroubleshoot: SELinux is preventing /usr/sbin/unix_chkpwd from read access on the file /etc/shadow. For complete SELinux messages run: sealert -l bf147829-eaed-455c-82f0-9b05b8ba68c2
Jul  6 13:40:02 DESIGN_Lab python: SELinux is preventing /usr/sbin/unix_chkpwd from read access on the file /etc/shadow.#

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Password reset not working and I have locked down my Centos 7.4

Post by TrevorH » 2019/07/06 09:28:53

Post the output from ls -laZ /etc/shadow

Running restorecon -RFv /etc/shadow looks like it would fix that one (but ls -laZ it first or it'll be too late). There may be other files affected so this might not fix it immediately.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

hunter86_bg
Posts: 2019
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Re: Password reset not working and I have locked down my Centos 7.4

Post by hunter86_bg » 2019/07/20 11:31:23

If you can afford the time go for a full relabel:

Code: Select all

touch /.autorelabel

Post Reply