Debugging OpenBSD passwd problems

I recently had to manually add a few users to /etc/passwd and /etc/master.passwd on an OpenBSD 3.9 server. After I added the entries, the accounts were still unable to login. I started poking around with ktrace, and noticed that during a normal account creation session the files /etc/pwd.db and /etc/spwd.db were modified:

$ ls -la /etc/*.db

-rw-r--r--  1 root  wheel    40960 Nov 23 05:38 /etc/pwd.db
-rw-r-----  1 root  _shadow  40960 Nov 23 05:38 /etc/spwd.db

After seeing this, I went and read up on both of these files. It turns out that /etc/passwd and /etc/master.passwd get converted to database files by pwd_mkdb, and then the database files are used for actual authentication. Once I ran pwd_mkdb by hand:

$ pwd_mkdb /etc/master.passwd

Everything worked as expected. I reckon other operating systems use database files as well, so I will have to keep this in mind the next time I try to muck with a credential repository manually.

2 thoughts on “Debugging OpenBSD passwd problems”

Leave a Reply

Your email address will not be published. Required fields are marked *