# Login problem after 11.1-RELEASE upgrade



## piggy (Sep 2, 2017)

Hello a aproblem here upgrading from 11-RELEASE to 11.1-RELEASE.

After finishing installing the binary from freebsd-update, I had an error related with the `pwdb` program unable to generate the new password file becouse master.passwd was corrupt.

So I booted in single user mode, get the master.passwd backup from /var/backups and regenerated the passwd file with `mk_passwd` command. I did it two times without the -p switch to regeneraate the .db files and then with the -p switch to regerate the passwd file.

Apparently everything was ok, no error messages and the renenerated passwd file contain all my users, it can be manipulate with the `pwd` command to change the password then the system do not accept any of those passwords on login.

I out of any possible idea. What can be? And what can I do to gain access to this system again?

Thankx


----------



## obsigna (Sep 2, 2017)

On one of my machines, I had also an issue with the password store after upgrading to 11.1-RELEASE, and I recovered it, with the following command: `pwd_mkdb -p /etc/master.passwd`. After this, everything was OK, and I didn't investigate further on why the password store was corrupted in the first place.

It is not that clear, which utility you used for changing your passwords, since pwd(1) is the command for retrieving the working directory name and pw(8), while its name suggests that it can be used to manage passwords, is not as easy as submitting a single command. The only related pw options are, and doing it wrong, the _"... the password will be set to ‘*’, rendering the account inaccessible via password-based login"_, see the man excerpt:

```
...
    -h fd          This option provides a special interface by which
                   interactive scripts can set an account password using pw.
                   Because the command line and environment are fundamentally
                   insecure mechanisms by which programs can accept
                   information, pw will only allow setting of account and
                   group passwords via a file descriptor (usually a pipe
                   between an interactive script and the program).  sh, bash,
                   ksh and perl all possess mechanisms by which this can be
                   done.  Alternatively, pw will prompt for the user's
                   password if -h 0 is given, nominating stdin as the file
                   descriptor on which to read the password.  Note that this
                   password will be read only once and is intended for use by
                   a script rather than for interactive use.  If you wish to
                   have new password confirmation along the lines of
                   passwd(1), this must be implemented as part of an
                   interactive script that calls pw.

                   If a value of ‘-’ is given as the argument fd, then the
                   password will be set to ‘*’, rendering the account
                   inaccessible via password-based login.

     -H fd         Read an encrypted password string from the specified file
                   descriptor.  This is like -h, but the password should be
                   supplied already encrypted in a form suitable for writing
                   directly to the password database.
```
I use the passwd(1) utility for changing passwords, and this one is simply working on all of my machines since ever up to after upgrading to FreeBSD 11.1-RELEASE.


----------



## aa (Sep 2, 2017)

File pwd.db is generated from passwd. 
master.passwd database should be spwd.db
Sure you can do the hardway/manually, or you can just type `vipw` and save.


----------



## obsigna (Sep 2, 2017)

aa said:


> File pwd.db is generated from passwd.
> master.passwd database should be spwd.db


You want to read passwd(5) to get the concepts updated.


aa said:


> Sure you can do the hardway/manually, or you can just type `vipw` and save.


Thank you, but for me it is much harder to google for what's still the favorite save & exit command of vi, than simply type in passwd.


----------



## aa (Sep 2, 2017)

I thougt that `vipw` was depend on envar `EDITOR`, not always vi.

`passwd` won't work if you have *only *master.passwd file.
`passwd` is used to modify password, not repairing a broken system,
it can't even used to clearing password, I think.

On the other hand, `vipw` will regenerate all the necessary files based only on master.passwd

To save, just type `[B]:wq![/B]` (you don't even need to modify them, just to regenerate passwd, pwd.db and spwd.db).


----------



## piggy (Sep 2, 2017)

Hello, we can not call this thread solved, then I'm tired of this FreeBSD freebsd-updates "mergemaster type" glitches. Considering I'm a backup type of guy, I started over wiping the machine and loading the backup I did just a moment before starting to upgrade just in case...

Even if they greatly simplified all that mess of merging configurations files under freebsd-update, there are still problems and this is what generated the failing logins. 

Those perverted <<<<<<  >>>>> killed my and probably others (another guy is in this thread) systems, and I don't really have time to loose troubleshooting this, even - as a backup type of guys, I do have all the backups in /var. I'm upgrading again right now. I'll let you know if this time succeeded.


----------



## piggy (Sep 2, 2017)

Neither this time it succeeded and I accepted all the proposed defaults by freebsd-update. Exact same problem of before. Machine broken. Lucky I'm still the same old type of backup guy.


----------

