0

I have centos 7.4.1708 on VMWARE. In order to remove constraints for password length and disable dictionary checking I did some change in 2 OS files i.e. /etc/security/pwquality.conf and /etc/pam.d/system-auth. Eventually after these changes I could not login again into my user in Centos.

Rebooting my system in single-user mode according to this tutorial to reset password did not helped and it does not worked and I could not login again and I receive Login Incorrect message for every user and password combination. How should I fix this situation?

Here is contents of configuration files:

/etc/pam.d/system-auth: enter image description here

/etc/security/pwquality.conf: enter image description here

VSB
  • 165
  • 1
  • 6
  • 1
    Check the system logs. – Michael Hampton Jul 06 '19 at 15:04
  • Revert your changes from a live boot or in rescue mode? – Thomas Jul 07 '19 at 10:15
  • @MichaelHampton I don'n know what was the problem. But disabling SELINUX fixed the issue. I did see SELINUX forbid access to several files inside logs – VSB Jul 07 '19 at 17:22
  • 1
    CentOS 7 comes with SELinux in enforcing mode. Changing the password in single user mode changes the SELinux type of /etc/shadow or you disabled SELinux in that shell. And that requires relabeling of your system. A `touch /.autorelabel` should fix it without permanently disabling SELInux and making Dan Walsh cry ;-) – Reiner Rottmann Jul 08 '19 at 08:33
  • @ReinerRottmann I did execute `touch /.autorelabel` after `passwd` in single user mode but it did not helped and I've forced to make Dan Walsh cry by disabling SELINUX! And a question? does /.autorelabel must exist before i touch it or touching and making it created, acts as a flag for SELINUX? – VSB Jul 10 '19 at 14:38
  • @VSB you need to create the file and this triggers a SELinux relabeling during the next reboot. SELinux need to be in permissive or enforced mode, though. – Reiner Rottmann Jul 10 '19 at 20:52

0 Answers0