Filevault Enabled : At boot, keyboard for password is qwerty

Similar Messages

• Ipad show a keyboard for password, old password no longer works

  I use my old iPad 1 (MC49LL) only as a great GPS in my motorhome. I use a new iPad Air for everything else. But somehow, the old unit no longer shows the regular touchpad for my password; it shows a keyboard. And my old password no longer works--the same I have used for years on all my Apple devices. I tried resetting the unit with iTunes, but the it is still calling for a password with a keyboard, and is requiring a longer and longer time between tries. Has anyone experienced this? Any idea how to get past this?

  Due to security vulnerabilities, rolling back to Firefox 4.0.1 is not recommended. Firefox 3.6.18 would be the safer choice.
  Here's the process to roll back:
  First, I recommend backing up your Firefox settings in case something goes wrong. See [https://support.mozilla.com/en-US/kb/Backing+up+your+information Backing up your information]. (You can copy your entire Firefox profile folder somewhere outside of the Mozilla folder.)
  Next, download and save Firefox 3.6 to your desktop for future installation. http://www.mozilla.com/firefox/all-older
  Close Firefox 5.
  You could install Firefox 3.6 over it (many have reported success) or you could uninstall Firefox first. If you uninstall, do not remove your personal data and settings, just the program.
  Unless you have installed an incompatible add-on, Firefox 3.6 should pick up where you left off. If there are serious issues, please post back with details.
  Note: I haven't actually tried this myself!

• Filevault 2.0 doesn't let me through at boot with correct password

  I have login problems with the Filevault in Lion.
  Before enabling Filevault I renewed my administrator account password since it was quite old already. 
  After enabling the Filevault I rebooted the computer. In the beginning of the boot I got a login prompt as I should but when I typed in my password the login prompt "shaked" and obviously told me that the password is wrong.  Well I thought that maybe I just mistyped the password twice when I updated my password and therefore I used the recovery key, which worked.  After using recovery key the login screen asked for a new password. This time I was careful and sure about the password.
  Everything seemed to work, I did some things (install apps/change preferences) which needed my admin account password, typed it in and everything worked.
  Then a day later I rebooted the computer the second time and again the login at boot didn't let me throught with password which was for SURE the correct one. Again, I used the recovery key, changed the password, rebooted, the same thing - won't let me through with the password, only with the recovery key.
  No idea what I should do. One possibility would be to try to disable and enable again Filevault, but I don't want to try it before some comments and suggestions.

  OK I just enabled FileVault and had that same issue after restarting. It refused my correct password three times, so I had to use the recovery key to log in. When it asked me to enter a new password, I just clicked "enter" and a new login prompt, just like the older one, let me enter my good old password. Voilá, it worked this time.
  Since FileVault is still encrypting the disk, I haven't rebooted again, or shut down the computer (it just happened a few minutes ago). I don't know if I'll have the same problem again when doing so. Any input about this issue?
  (For an instant I thought my keyboard might have changed its layout, but who knows?)
  I'll post any developments.
  rolando

• What happens after numerous failed password attempts on a FileVault enabled system?

  Just curious what happens when someone hits the limit of password entry attempts on a FileVault enabled system?  Does it wipe the disk?  Or is the encryption key broken rendering the disk unusable?

  "If you forget your login password for a OS X Lion FileVault-encrypted drive, and you had chosen to store your recovery key with Apple, you may contact AppleCare and request retrieval of your recovery key. Typing in the wrong login password three times will produce a note under the password field which states, "If you forgot your password, you can… …reset it using your recovery key."
  http://support.apple.com/kb/HT4790

• Cannot enable parental controls for Guest if FileVault enabled

  FileVault is enabled on my Mac.  When I subsequently enabled Find My Mac, the Guest User account was automatically enabled, as it is required for Find My Mac's theft recovery feature. When I accessed the Guest User in the Users & Groups Preferences panel, the "Enable parental controls" option for Guest User was greyed out.  Thus, anyone with physical access to my computer, such as my kid, can gain unfettered access to the Internet without a password. 
  I did find a solution.  I unchecked the "Allow guests to log in to this computer" box in the Preferences panel.  This caused the "Enable parental controls" box to become checked (seems to be a bug).  I then checked the "Allow guests to log in to this computer" box, which caused the "Enable parental controls" box to become unchecked.  At this point, the "Enable parental controls" box was no longer greyed out, and I was able to check it. 
  System: Late 2014 Retina iMac with 3.5 GHz Intel Core i5, 8 GB memory, OS 10.10

  Update: Although the method above appeared to enable parental controls, they do not work.  When I log in as Guest (causing the computer to reboot into Safari-only mode), I am able to access a very well-known adult website (play*** dot com). 

• Dear , please help me to solve my problem in activating my iPhone Where I lost it since 3 months and when found it cannot activating my ID Where give me (Your Apple ID has been disabled for security reasons. To enable your account, reset your password at

  Dear , please help me to solve my problem in activating my iPhone
  Where I lost it since 3 months and when found it cannot activating my ID
  Where give me (Your Apple ID has been disabled for security reasons. To enable your account, reset your password at applied.apple.com)
  And try to reset my password but cannot please help me where am a poor man and cannot pay another money to solving this problem to any one
  My iPhone data
  Ime:  ****
  Model: A1332
  FCC  ID : BCG-E2380A
  IC: 579C-E2380A
  MY id at cloud   ****
  Password    ( ****)
  My country : Egypt
  MY EMAIL : ****
  Tell no: ****
  <Personal Information Edited By Host>

  The following may help:
  Apple ID: 'This Apple ID has been disabled for security reasons' alert appears - Apple Support
  If you didn't receive your Apple ID verification or reset email - Apple Support

• A friend bought second hand macbook air mid 2011 with crossed circle on the display, we tried recovery from partition and same thing happened, after internet recovery it stays the same except now it asks for password for boot option, what happened?

  A friend bought second hand macbook air mid 2011 with crossed circle on the display and give to me to try to recover the system, I tried recovery from partition and same thing occured, after internet recovery it stays the same-crossed circle after reboot, then we tried to boot from USB with mac os 10.8 on it, it installs something,like it has being finishing installation, rebootes, and now it asks for password for boot option.We have no idea what that password could be.What happened!!!

  I forgot to write down my computer specs:
  iMac 27 Mid 2011
  2.7 GHz Intel Core i5
  4 GB 1333 MHz DDR3
  AMD Radeon HD 6770M 512 MB
  OS X 10.9.2

• The keyboard for my iMac 9, 1 got wet and is not working correctlly. Delete,return, and some other keys not functioning. In all caps including numerals. I've left it to dry for a few days but still will not work. Computer now in Safe boot mode and I c

  The keyboard for my iMac 9, got wet and is not working correctly. Delete ,return, and some other keys not functioning. In all caps including numerals. I've left it to dry for a few days but still will not work. Computer now in Safe boot mode and I can't login due to all caps and numbers being symbols. Is there anything I can do?

  Buy a replacement keyboard. They're only $50-65 USD.
  27" i7 iMac (Mid 2011) refurb, OS X Yo (10.10), Mavs, ML & SL, G4 450 MP w/10.5 & 9.2.2

• HT3986 Does anyone know how to enable the "Delete" key for logging on the Windows 7 partition on the latest iMac, via the latest Apple wireless keyboard? Many Thanks

  Hi All
  Does anyone know how to enable the "Delete" key for logging on the Windows 7 partition on the latest iMac, via the latest Apple wireless keyboard - the standard wired apple keyboard works fine via this key but not the new wireless keyboard?
  Many Thanks

  Holy crap, this fixes the issue.  At least temporarily it has.  I should add that my issue was single finger forward/back swipe stopped working on the magic mouse in Firefox since Mavericks came along.  I have been fighting this since I upgraded to Mavericks a few months ago.  Thank you, tbirdvet.  You have no idea how much easier you just made using my iMac again.
  Message was edited by: wadems

• I did force shutdown on my MacBook Pro (2006 year, 15.4"), so, when I tried to boot, it shows apple logo (as usual) and shuts down. When I booting MacBook with Option key pressed it shows lock icon and field for password. Please help me.

  I did force shutdown on my MacBook Pro (2006 year, 15.4"), so, when I tried to boot, it shows apple logo (as usual) and shuts down. When I booting MacBook with Option key pressed it shows lock icon and field for password. Please help me.

  Wait for advice on repairing a damaged filesystem.  Forceshutdown stops processs in mid-stream and leaves some parts not-valid.
  Do not proceed until you get that avice.

• HT1414 being asked for backup phone passworde to continue. tried apple id and passcode for keyboard lock but wont accept . i know of no other password . anyone run into this ? right after i loaded update it said backup not complete and asked for password

  does anyone know what password they are looking for when asked to backup phone? tried apple id and keyboard lock password but no luck ? was asked after update said backup not complete please enter password?

  I think it is asking for the password for your encrypted backup.
  Encrypted backup
  http://support.apple.com/kb/ht4946

• After booting itunes asks for password ..

  only on my mini i7 itunes always asks for password, very anoying ..
  thankfull for any ideas to solve this.
  (all other macs no problem)

  Sounds like you encrypted your iPhone backup. If you did, a password is required to restore the information to iPhone(the one you entered when you checked the box to encrypt your backup). If you encrypt an iPhone backup in iTunes and then forget your password, you will not be able to restore from backup and your data will be unrecoverable. If you cannot remember the password and want to start again, you will have to do a full software restore and when prompted by iTunes to select the backup to restore from, choose Set up as a new device.

• How to enable enter button on keyboard for action on jsp page with adf11g

  hello,
  i have a login page, when i press login button with mouse it is working.
  But i want to click 'enter' button on the keyboard when inputbox is focused.
  For example i entered user and i entered passsword and click 'enter' button on keyboard for login action. How can i do this easily with adf11g ?
  thanks for interests.

  i tried but on af:form we have not defaultAction. i saw, there has defaultCommand i tried this but not acceptable by warning that about, "no id or naming containers". We has an id on command but what is naming containers.
  Other question is,
  How to write javascript on the adf tools? We have not any, "onClick, onPressed vs..".
  Thanks for helps.

• (passwordless ssh) I keep getting asked for password

  I've been trying to set up passwordless ssh to my webhost, but it keeps asking for my user password (please note "password" is to be distinguished from "passphrase").
  I've set up keychain and x11-askpass, and it asks me for my passphrase when I log in after a fresh boot, so no problems there.
  Here is some verbose output (sanitized):
  [username@localmachine ~]$ ssh -vvv [email protected]
  OpenSSH_4.5p1, OpenSSL 0.9.8e 23 Feb 2007
  debug1: Reading configuration data /home/username/.ssh/config
  debug1: Applying options for *
  debug1: Reading configuration data /etc/ssh/ssh_config
  debug2: ssh_connect: needpriv 0
  debug1: Connecting to ssh.webhost.net [208.48.143.22] port 22.
  debug1: Connection established.
  debug3: Not a RSA1 key file /home/username/.ssh/id_rsa.
  debug2: key_type_from_name: unknown key type '-----BEGIN'
  debug3: key_read: missing keytype
  debug2: key_type_from_name: unknown key type 'Proc-Type:'
  debug3: key_read: missing keytype
  debug2: key_type_from_name: unknown key type 'DEK-Info:'
  debug3: key_read: missing keytype
  debug3: key_read: missing whitespace
  debug3: key_read: missing whitespace
  debug3: key_read: missing whitespace
  debug3: key_read: missing whitespace
  debug3: key_read: missing whitespace
  debug3: key_read: missing whitespace
  debug3: key_read: missing whitespace
  debug3: key_read: missing whitespace
  debug3: key_read: missing whitespace
  debug3: key_read: missing whitespace
  debug3: key_read: missing whitespace
  debug3: key_read: missing whitespace
  debug3: key_read: missing whitespace
  debug3: key_read: missing whitespace
  debug3: key_read: missing whitespace
  debug3: key_read: missing whitespace
  debug3: key_read: missing whitespace
  debug3: key_read: missing whitespace
  debug3: key_read: missing whitespace
  debug3: key_read: missing whitespace
  debug3: key_read: missing whitespace
  debug3: key_read: missing whitespace
  debug3: key_read: missing whitespace
  debug3: key_read: missing whitespace
  debug3: key_read: missing whitespace
  debug2: key_type_from_name: unknown key type '-----END'
  debug3: key_read: missing keytype
  debug1: identity file /home/username/.ssh/id_rsa type 1
  debug1: identity file /home/username/.ssh/id_dsa type -1
  debug1: Remote protocol version 1.99, remote software version OpenSSH_4.5
  debug1: match: OpenSSH_4.5 pat OpenSSH*
  debug1: Enabling compatibility mode for protocol 2.0
  debug1: Local version string SSH-2.0-OpenSSH_4.5
  debug2: fd 3 setting O_NONBLOCK
  debug1: SSH2_MSG_KEXINIT sent
  debug1: SSH2_MSG_KEXINIT received
  debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
  debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
  debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
  debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
  debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
  debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
  debug2: kex_parse_kexinit: none,[email protected],zlib
  debug2: kex_parse_kexinit: none,[email protected],zlib
  debug2: kex_parse_kexinit:
  debug2: kex_parse_kexinit:
  debug2: kex_parse_kexinit: first_kex_follows 0
  debug2: kex_parse_kexinit: reserved 0
  debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
  debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
  debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
  debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
  debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
  debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
  debug2: kex_parse_kexinit: none,[email protected]
  debug2: kex_parse_kexinit: none,[email protected]
  debug2: kex_parse_kexinit:
  debug2: kex_parse_kexinit:
  debug2: kex_parse_kexinit: first_kex_follows 0
  debug2: kex_parse_kexinit: reserved 0
  debug2: mac_init: found hmac-md5
  debug1: kex: server->client aes128-cbc hmac-md5 none
  debug2: mac_init: found hmac-md5
  debug1: kex: client->server aes128-cbc hmac-md5 none
  debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
  debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
  debug2: dh_gen_key: priv key bits set: 130/256
  debug2: bits set: 499/1024
  debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
  debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
  debug3: check_host_in_hostfile: filename /home/username/.ssh/known_hosts
  debug3: check_host_in_hostfile: match line 1
  debug3: check_host_in_hostfile: filename /home/username/.ssh/known_hosts
  debug3: check_host_in_hostfile: match line 1
  debug1: Host 'ssh.webhost.net' is known and matches the RSA host key.
  debug1: Found key in /home/username/.ssh/known_hosts:1
  debug2: bits set: 500/1024
  debug1: ssh_rsa_verify: signature correct
  debug2: kex_derive_keys
  debug2: set_newkeys: mode 1
  debug1: SSH2_MSG_NEWKEYS sent
  debug1: expecting SSH2_MSG_NEWKEYS
  debug2: set_newkeys: mode 0
  debug1: SSH2_MSG_NEWKEYS received
  debug1: SSH2_MSG_SERVICE_REQUEST sent
  debug2: service_accept: ssh-userauth
  debug1: SSH2_MSG_SERVICE_ACCEPT received
  debug2: key: /home/username/.ssh/id_rsa (0x80989c8)
  debug2: key: /home/username/.ssh/id_dsa ((nil))
  debug1: Authentications that can continue: publickey,password
  debug3: start over, passed a different list publickey,password
  debug3: preferred publickey,keyboard-interactive,password
  debug3: authmethod_lookup publickey
  debug3: remaining preferred: keyboard-interactive,password
  debug3: authmethod_is_enabled publickey
  debug1: Next authentication method: publickey
  debug1: Offering public key: /home/username/.ssh/id_rsa
  debug3: send_pubkey_test
  debug2: we sent a publickey packet, wait for reply
  debug1: Authentications that can continue: publickey,password
  debug1: Trying private key: /home/username/.ssh/id_dsa
  debug3: no such identity: /home/username/.ssh/id_dsa
  debug2: we did not send a packet, disable method
  debug3: authmethod_lookup password
  debug3: remaining preferred: ,password
  debug3: authmethod_is_enabled password
  debug1: Next authentication method: password
  [email protected]'s password:
  I've been searching far and wide but I haven't had success. Help please!

  debug3: send_pubkey_test
  debug2: we sent a publickey packet, wait for reply
  debug1: Authentications that can continue: publickey,password
  It looks like it's sending the key just fine, but the server is asking for the next authentication method.  It could be possible that the server doesn't support key-based connections, or that your public key on the server is invalid.

• Pam.conf does not use ldap for password length check when changing passwd

  I have already posted this in the directory server forum but since it is to do with pam not using ldap I thought there might be some pam experts who check this forum.
  I have dsee 6.0 installed on a solaris 10 server (client).
  I have a solaris 9 server (server) set up to use ldap authentication.
  bash-2.05# cat /var/ldap/ldap_client_file
  # Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
  NS_LDAP_FILE_VERSION= 2.0
  NS_LDAP_SERVERS= X, Y
  NS_LDAP_SEARCH_BASEDN= dc=A,dc= B,dc= C
  NS_LDAP_AUTH= tls:simple
  NS_LDAP_SEARCH_REF= FALSE
  NS_LDAP_SEARCH_SCOPE= one
  NS_LDAP_SEARCH_TIME= 30
  NS_LDAP_SERVER_PREF= X.A.B.C, Y.A.B.C
  NS_LDAP_CACHETTL= 43200
  NS_LDAP_PROFILE= tls_profile
  NS_LDAP_CREDENTIAL_LEVEL= proxy
  NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=A,dc=B,dc=com?one
  NS_LDAP_SERVICE_SEARCH_DESC= group:ou=People,dc=A,dc=B,dc=C?one
  NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=A,dc=B,dc=C?one
  NS_LDAP_BIND_TIME= 10
  bash-2.05# cat /var/ldap/ldap_client_cred
  # Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
  NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=A,dc=B,dc=C
  NS_LDAP_BINDPASSWD= {NS1}6ff7353e346f87a7
  bash-2.05# cat /etc/nsswitch.conf
  # /etc/nsswitch.ldap:
  # An example file that could be copied over to /etc/nsswitch.conf; it
  # uses LDAP in conjunction with files.
  # "hosts:" and "services:" in this file are used only if the
  # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
  # the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
  passwd: files ldap
  group: files ldap
  # consult /etc "files" only if ldap is down.
  hosts: files dns
  ipnodes: files
  # Uncomment the following line and comment out the above to resolve
  # both IPv4 and IPv6 addresses from the ipnodes databases. Note that
  # IPv4 addresses are searched in all of the ipnodes databases before
  # searching the hosts databases. Before turning this option on, consult
  # the Network Administration Guide for more details on using IPv6.
  #ipnodes: ldap [NOTFOUND=return] files
  networks: files
  protocols: files
  rpc: files
  ethers: files
  netmasks: files
  bootparams: files
  publickey: files
  netgroup: ldap
  automount: files ldap
  aliases: files ldap
  # for efficient getservbyname() avoid ldap
  services: files ldap
  sendmailvars: files
  printers: user files ldap
  auth_attr: files ldap
  prof_attr: files ldap
  project: files ldap
  bash-2.05# cat /etc/pam.conf
  #ident "@(#)pam.conf 1.20 02/01/23 SMI"
  # Copyright 1996-2002 Sun Microsystems, Inc. All rights reserved.
  # Use is subject to license terms.
  # PAM configuration
  # Unless explicitly defined, all services use the modules
  # defined in the "other" section.
  # Modules are defined with relative pathnames, i.e., they are
  # relative to /usr/lib/security/$ISA. Absolute path names, as
  # present in this file in previous releases are still acceptable.
  # Authentication management
  # login service (explicit because of pam_dial_auth)
  login auth requisite pam_authtok_get.so.1 debug
  login auth required pam_dhkeys.so.1 debug
  login auth required pam_dial_auth.so.1 debug
  login auth binding pam_unix_auth.so.1 server_policy debug
  login auth required pam_ldap.so.1 use_first_pass debug
  # rlogin service (explicit because of pam_rhost_auth)
  rlogin auth sufficient pam_rhosts_auth.so.1
  rlogin auth requisite pam_authtok_get.so.1
  rlogin auth required pam_dhkeys.so.1
  rlogin auth binding pam_unix_auth.so.1 server_policy
  rlogin auth required pam_ldap.so.1 use_first_pass
  # rsh service (explicit because of pam_rhost_auth,
  # and pam_unix_auth for meaningful pam_setcred)
  rsh auth sufficient pam_rhosts_auth.so.1
  rsh auth required pam_unix_auth.so.1
  # PPP service (explicit because of pam_dial_auth)
  ppp auth requisite pam_authtok_get.so.1
  ppp auth required pam_dhkeys.so.1
  ppp auth required pam_dial_auth.so.1
  ppp auth binding pam_unix_auth.so.1 server_policy
  ppp auth required pam_ldap.so.1 use_first_pass
  # Default definitions for Authentication management
  # Used when service name is not explicitly mentioned for authenctication
  other auth requisite pam_authtok_get.so.1 debug
  other auth required pam_dhkeys.so.1 debug
  other auth binding pam_unix_auth.so.1 server_policy debug
  other auth required pam_ldap.so.1 use_first_pass debug
  # passwd command (explicit because of a different authentication module)
  passwd auth binding pam_passwd_auth.so.1 server_policy debug
  passwd auth required pam_ldap.so.1 use_first_pass debug
  # cron service (explicit because of non-usage of pam_roles.so.1)
  cron account required pam_projects.so.1
  cron account required pam_unix_account.so.1
  # Default definition for Account management
  # Used when service name is not explicitly mentioned for account management
  other account requisite pam_roles.so.1 debug
  other account required pam_projects.so.1 debug
  other account binding pam_unix_account.so.1 server_policy debug
  other account required pam_ldap.so.1 no_pass debug
  # Default definition for Session management
  # Used when service name is not explicitly mentioned for session management
  other session required pam_unix_session.so.1
  # Default definition for Password management
  # Used when service name is not explicitly mentioned for password management
  other password required pam_dhkeys.so.1 debug
  other password requisite pam_authtok_get.so.1 debug
  other password requisite pam_authtok_check.so.1 debug
  other password required pam_authtok_store.so.1 server_policy debug
  # Support for Kerberos V5 authentication (uncomment to use Kerberos)
  #rlogin auth optional pam_krb5.so.1 try_first_pass
  #login auth optional pam_krb5.so.1 try_first_pass
  #other auth optional pam_krb5.so.1 try_first_pass
  #cron account optional pam_krb5.so.1
  #other account optional pam_krb5.so.1
  #other session optional pam_krb5.so.1
  #other password optional pam_krb5.so.1 try_first_pass
  I can ssh into client with user VV which does not exist locally but exists in the directory server. This is from /var/adm/messages on the ldap client):
  May 17 15:25:07 client sshd[26956]: [ID 634615 auth.debug] pam_authtok_get:pam_sm_authenticate: flags = 0
  May 17 15:25:11 client sshd[26956]: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
  May 17 15:25:11 client sshd[26956]: [ID 285619 auth.debug] ldap pam_sm_authenticate(sshd VV), flags = 0
  May 17 15:25:11 client sshd[26956]: [ID 509786 auth.debug] roles pam_sm_authenticate, service = sshd user = VV ruser = not set rhost = h.A.B.C
  May 17 15:25:11 client sshd[26956]: [ID 579461 auth.debug] pam_unix_account: entering pam_sm_acct_mgmt()
  May 17 15:25:11 client sshd[26956]: [ID 724664 auth.debug] pam_ldap pam_sm_acct_mgmt: illegal option no_pass
  May 17 15:25:11 client sshd[26956]: [ID 100510 auth.debug] ldap pam_sm_acct_mgmt(VV), flags = 0
  May 17 15:25:11 client sshd[26953]: [ID 800047 auth.info] Accepted keyboard-interactive/pam for VV from 10.115.1.251 port 2703 ssh2
  May 17 15:25:11 client sshd[26953]: [ID 914923 auth.debug] pam_dhkeys: no valid mechs found. Trying AUTH_DES.
  May 17 15:25:11 client sshd[26953]: [ID 499478 auth.debug] pam_dhkeys: get_and_set_seckey: could not get secret key for keytype 192-0
  May 17 15:25:11 client sshd[26953]: [ID 507889 auth.debug] pam_dhkeys: mech key totals:
  May 17 15:25:11 client sshd[26953]: [ID 991756 auth.debug] pam_dhkeys: 0 valid mechanism(s)
  May 17 15:25:11 client sshd[26953]: [ID 898160 auth.debug] pam_dhkeys: 0 secret key(s) retrieved
  May 17 15:25:11 client sshd[26953]: [ID 403608 auth.debug] pam_dhkeys: 0 passwd decrypt successes
  May 17 15:25:11 client sshd[26953]: [ID 327308 auth.debug] pam_dhkeys: 0 secret key(s) set
  May 17 15:25:11 client sshd[26958]: [ID 965073 auth.debug] pam_dhkeys: cred reinit/refresh ignored
  If I try to then change the password with the `passwd` command it does not use the password policy on the directory server but the default defined in /etc/default/passwd
  bash-2.05$ passwd
  passwd: Changing password for VV
  Enter existing login password:
  New Password:
  passwd: Password too short - must be at least 8 characters.
  Please try again
  May 17 15:26:17 client passwd[27014]: [ID 285619 user.debug] ldap pam_sm_authenticate(passwd VV), flags = 0
  May 17 15:26:17 client passwd[27014]: [ID 509786 user.debug] roles pam_sm_authenticate, service = passwd user = VV ruser = not set rhost = not set
  May 17 15:26:17 client passwd[27014]: [ID 579461 user.debug] pam_unix_account: entering pam_sm_acct_mgmt()
  May 17 15:26:17 client passwd[27014]: [ID 724664 user.debug] pam_ldap pam_sm_acct_mgmt: illegal option no_pass
  May 17 15:26:17 client passwd[27014]: [ID 100510 user.debug] ldap pam_sm_acct_mgmt(VV), flags = 80000000
  May 17 15:26:17 client passwd[27014]: [ID 985558 user.debug] pam_dhkeys: entered pam_sm_chauthtok()
  May 17 15:26:17 client passwd[27014]: [ID 988707 user.debug] read_authtok: Copied AUTHTOK to OLDAUTHTOK
  May 17 15:26:20 client passwd[27014]: [ID 558286 user.debug] pam_authtok_check: pam_sm_chauthok called
  May 17 15:26:20 client passwd[27014]: [ID 271931 user.debug] pam_authtok_check: minimum length from /etc/default/passwd: 8
  May 17 15:26:20 client passwd[27014]: [ID 985558 user.debug] pam_dhkeys: entered pam_sm_chauthtok()
  May 17 15:26:20 client passwd[27014]: [ID 417489 user.debug] pam_dhkeys: OLDRPCPASS already set
  I am using the default policy on the directory server which states a minimum password length of 6 characters.
  server:root:LDAP_Master:/var/opt/SUNWdsee/dscc6/dcc/ads/ldif#dsconf get-server-prop -h server -p 389|grep ^pwd-
  pwd-accept-hashed-pwd-enabled : N/A
  pwd-check-enabled : off
  pwd-compat-mode : DS6-mode
  pwd-expire-no-warning-enabled : on
  pwd-expire-warning-delay : 1d
  pwd-failure-count-interval : 10m
  pwd-grace-login-limit : disabled
  pwd-keep-last-auth-time-enabled : off
  pwd-lockout-duration : disabled
  pwd-lockout-enabled : off
  pwd-lockout-repl-priority-enabled : on
  pwd-max-age : disabled
  pwd-max-failure-count : 3
  pwd-max-history-count : disabled
  pwd-min-age : disabled
  pwd-min-length : 6
  pwd-mod-gen-length : 6
  pwd-must-change-enabled : off
  pwd-root-dn-bypass-enabled : off
  pwd-safe-modify-enabled : off
  pwd-storage-scheme : CRYPT
  pwd-strong-check-dictionary-path : /opt/SUNWdsee/ds6/plugins/words-english-big.txt
  pwd-strong-check-enabled : off
  pwd-strong-check-require-charset : lower
  pwd-strong-check-require-charset : upper
  pwd-strong-check-require-charset : digit
  pwd-strong-check-require-charset : special
  pwd-supported-storage-scheme : CRYPT
  pwd-supported-storage-scheme : SHA
  pwd-supported-storage-scheme : SSHA
  pwd-supported-storage-scheme : NS-MTA-MD5
  pwd-supported-storage-scheme : CLEAR
  pwd-user-change-enabled : off
  Whereas /etc/default/passwd on the ldap client says passwords must be 8 characters. This is seen with the pam_authtok_check: minimum length from /etc/default/passwd: 8
  . It is clearly not using the policy from the directory server but checking locally. So I can login ok using the ldap server for authentication but when I try to change the password it does not use the policy from the server which says I only need a minimum lenght of 6 characters.
  I have read that pam_ldap is only supported for directory server 5.2. Because I am running ds6 and with password compatability in ds6 mode maybe this is my problem. Does anyone know of any updated pam_ldap modules for solaris 9?
  Edited by: ericduggan on Sep 8, 2008 5:30 AM

  you can try passwd -r ldap for changing the ldap passwds...