Bug ID 753564: Attempt to change password using /bin/passwd fails

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1

Fixed In:
15.0.0, 14.1.0.2

Opened: Dec 19, 2018
Severity: 3-Major

Symptoms

When you run /bin/passwd as root you get an error: passwd.bin: unable to start pam: Critical error - immediate abort Failed to change user's password. Exiting. If you then run /bin/ausearch -m avc -ts recent, you see a lot of selinux denials for passwd.bin.

Impact

Root/admin user cannot change password using the standard /bin/passwd executable.

Conditions

No special conditions needed

Workaround

The workaround would be to disable selinux, change the password and re-enable selinux: # setenforce Permissive # passwd # setenforce Enforcing Alternatively, you can use the tmsh commands to change the passwords: tmsh modify auth password root Lastly, if you want to modify the selinux policy, this is the standard way of doing it: # ausearch -c passwd.bin --raw | audit2allow -M mypasswd # semoduile -i mypasswd.pp

Fix Information

With fix, BIG-IP has no issues with /bin/passwd.bin being denied by selinux and /bin/passwd works as expected.

Behavior Change