Corruption With the User Password History File
The following error occurs when changing a user's password:
3004-622 An error occurred updating the password database.
3004-709 Error changing password for <UserName> : Value is invalid.
Cause
The user password history file can become corrupted for various reasons; when it
is, neither users nor administrators can change user passwords.
pwdhist File
Purpose
Contains password history information.
Description
The /etc/security/pwdhist.dir and /etc/security/pwdhist.pag files are database files created and maintained by Database Manager (DBM) subroutines. The files maintain a list of previous user passwords.
The pwdhist files store information by user name. User names are the keys of the DBM subroutines. The password list contains multiple pairs of a lastupdate value and an encrypted, null-terminated password. This password list is a key's associated content and the lastupdate value is a 4-byte, unsigned long. The encrypted password is the size of the PW_CRYPTLEN value. Thus, an entry in the database file is of the following format:
lastupdatepasswordlastupdatepasswordlastupdatepassword...
The password list is in descending chronological order, with the most recent password appearing first in the list.
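An added example, not part of the original post and not IBM's code: a structural check of one user's password list against the layout described above. It assumes the value bytes have already been fetched from the DBM files, that PW_CRYPTLEN is supplied as the `pw_cryptlen` parameter (the page does not give its value), that the null terminator falls inside the fixed-size password field, and that lastupdate is stored big-endian; all function names and sample data are constructed.

```python
import struct

def parse_pwdhist_value(value: bytes, pw_cryptlen: int):
    """Split one user's pwdhist value into (lastupdate, password) pairs.

    Raises ValueError on structural problems that indicate a damaged record.
    pw_cryptlen is an assumption supplied by the caller (PW_CRYPTLEN on the host).
    """
    stride = 4 + pw_cryptlen  # 4-byte lastupdate + fixed-size password field
    if len(value) % stride != 0:
        raise ValueError(f"length {len(value)} is not a multiple of {stride}")
    entries = []
    for off in range(0, len(value), stride):
        # Assumption: big-endian 4-byte unsigned long (AIX on POWER).
        (lastupdate,) = struct.unpack_from(">I", value, off)
        field = value[off + 4: off + stride]
        nul = field.find(b"\x00")
        if nul == -1:
            raise ValueError(f"offset {off}: password is not null-terminated")
        # Most recent password first, so timestamps must never increase.
        if entries and lastupdate > entries[-1][0]:
            raise ValueError(f"offset {off}: list is not in descending order")
        entries.append((lastupdate, field[:nul]))
    return entries

def _pack(lastupdate: int, crypt: bytes, pw_cryptlen: int) -> bytes:
    """Build one constructed pair for the sample data below."""
    return struct.pack(">I", lastupdate) + crypt.ljust(pw_cryptlen, b"\x00")

# Constructed sample data: placeholder strings, not real password hashes.
CRYPTLEN = 16  # constructed value for the demo, not the real PW_CRYPTLEN
GOOD = (_pack(1700000000, b"placeholderB", CRYPTLEN)
        + _pack(1600000000, b"placeholderA", CRYPTLEN))
TRUNCATED = GOOD[:-3]  # simulates a partially written record

def check(value: bytes, pw_cryptlen: int = CRYPTLEN):
    """Return ("ok", entry_count) or ("corrupt", reason)."""
    try:
        return ("ok", len(parse_pwdhist_value(value, pw_cryptlen)))
    except ValueError as exc:
        return ("corrupt", str(exc))

if __name__ == "__main__":
    print(check(GOOD))
    print(check(TRUNCATED))
```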
Resolving the password history corruption problem:
Back up the password history files:
cd /etc/security
cp pwdhist.dir pwdhist.dir.bak
cp pwdhist.pag pwdhist.pag.bak
Zero-out the two original files:
> pwdhist.dir
> pwdhist.pag
Attempt to change the user password:
passwd <UserName>
This allows the user's password to be changed; however, it does
not log any information to the history files (they remain
zero bytes until a password change is done again).