When doing ICA, I see that login, expiry, and su differ between first pass and next. Using objdump, I see that the files from first pass reference /bin/passwd, while the files from the next pass reference /usr/bin/passwd. Note that passwd is installed in /usr/bin (and not moved to /bin afterwards), so the files from the first pass reference a non existent file.
The reason is that configure uses default /bin/passwd if it does not find /usr/bin/passwd. Since passwd is not yet installed when first building shadow, the default is used, while on the second build, /usr/bin/passwd exists and is used. Looking at the source code, passwd is forked by the login program when a password has expired, so that the user can enter a new password. This fails when shadow has been built as in chapter 6. So for machines where: - shadow has not been recompiled (for pam or for upgrading) - password expiration is set for a user Then this user cannot login anymore when the password has expired, and cannot change her/his password. As an illustration, log as root to a fresh lfs, then: # useradd -m somebody # passwd somebody Changing password for somebody Enter the new password (minimum 5 characters) Please use a combination of upper and lower case letters and numbers. New password: Re-enter new password: passwd: password changed. # passwd -e somebody # makes the pasword expired passwd: password expiry information changed. # login pierre Password: Your password has expired; Choose a new password. Can't execute /bin/passwd: No such file or directory (there is a password entered at the three prompts above, but it does not show up) The workaround is to: touch /usr/bin/passwd before running configure Pierre -- http://lists.linuxfromscratch.org/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
