RADIUS, shadow password mystery

Samuel Koods (sam@ns.cnsnet.net)
Fri, 31 May 1996 11:57:31 -0500 (CDT)

This one really makes me believe in gnomes and elves, let alone daemons!

IN BRIEF: Changing a user's password in /etc/shadow (using the passwd
command or otherwise) has no effect on RADIUS authentication. It allows the
user to log in only on the old passwd (which physically does not even exist
in /etc/shadow!). Unless the user is deleted and then added with a new
password, a password change has no effect.

DETAILS:
Logins to our Portmaster 2E are RADIUS authenticated on a Linux machine with
shadow passwords. When a user's password is changed with the passwd command
(that came with the shadow password suite) or even if the (encrypted) password
is physically changed or even removed from /etc/shadow, RADIUS still
authenticates only on the old password. BUT a normal telnet login (not via
RADIUS) onto the machine authenticates on the newly changed password. All
users are on /etc/passwd, /etc/shadow of this Linux machine (and neither in
/etc/raddb/users nor on the PM2E). No DBM user database in use. No NIS.
Removed other files in /etc that have names starting with "passwd" and
"shadow" (such as passwd-, shadow-, passwd.OLD, etc.)

Any help or pointers would be deeply appreciated (before the gnomes get the
better of me!)

Thanks.

-- 
Samuel Koods
Cimarron Network Services