Loading...
Loading...
When you run /bin/passwd as root you get an error: passwd.bin: unable to start pam: Critical error - immediate abort Failed to change user's password. Exiting. If you then run /bin/ausearch -m avc -ts recent, you see a lot of selinux denials for passwd.bin.
Root/admin user cannot change password using the standard /bin/passwd executable.
No special conditions needed
The workaround would be to disable selinux, change the password and re-enable selinux: # setenforce Permissive # passwd # setenforce Enforcing Alternatively, you can use the tmsh commands to change the passwords: tmsh modify auth password root Lastly, if you want to modify the selinux policy, this is the standard way of doing it: # ausearch -c passwd.bin --raw | audit2allow -M mypasswd # semoduile -i mypasswd.pp
With fix, BIG-IP has no issues with /bin/passwd.bin being denied by selinux and /bin/passwd works as expected.
F5 Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.