Bug 625347

Summary: su: incorrect password -- bug or feature (documented) ?
Product: [openSUSE] openSUSE 11.3 Reporter: Harald Koenig <koenig>
Component: BasesystemAssignee: Philipp Thomas <pth>
Status: VERIFIED INVALID QA Contact: E-mail List <qa-bugs>
Severity: Major    
Priority: P4 - Low CC: verdelyi
Version: Final   
Target Milestone: ---   
Hardware: x86-64   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Harald Koenig 2010-07-24 18:32:17 UTC 
in 11.3 su to a user with password "!" in /etc/shadow does not work anymore, as it did in 11.1 (I just updated my vdr server from 11.1 to 11.3):

# su - vdrconv  -c id
su: incorrect password

by experimenting I noticed that su does work if I change the shadow password for this user from ! to *.

is this a bug or a known and documented feature ?
man pages for su and passwd/shadow don't give a hint:-(
Comment 1 Philipp Thomas 2010-07-26 11:09:56 UTC 
Here's Thorsten Kukuk's response in #533249:

I'm pretty sure, that all accounts, where a "su account" fails, have a locked
password. Either these accounts were not created as system account but are like postgresql, or these systems were updated from old systems, were the accounts
were created wrongly during installation. Or fresh created accounts without
password.

Solution is simple: unlock the accounts, or replace the '!' with a '*' or a
valid password.

Besides, that pam_unix.so seems to work but not pam_unix2.so is a well known,
heavy discussed bug (see linux-pam mailing list archive).
If you don't use shadow accounts (pwunconv), pam_unix.so will refuse login,
too. Only the shadow case was forgotten.
 ---------------------------------------------

#623432 has a possible solution, i.e. change the pam configuration.
Comment 2 Philipp Thomas 2010-09-09 10:29:40 UTC 
*** Bug 627275 has been marked as a duplicate of this bug. ***