-1

TL;DR: Went to change password after suspecting my system got compromised, and realized I can't see any users under "User Accounts" and can't change password in terminal with passwd; how do I fix this?

After getting a kernel panic while on an unprotected network (public library, that is), I realized that the laptop login screen hangs forever. Once I went to change the password, I realized no user (I have two) shows up in the users and groups menus of any desktop environment.

I've successfully changed the root password with passwd, but passwd for myself asks for a Kerberos password (which is apparently a KDE thing). I'm currently typing on my phone, so I can't post any screenshots.

Now, I do have ftp and telnet on my laptop enabled so I wouldn't be surprised that my system got compromised.

Any suggestions besides reinstalling the system or nuking it from the orbit? Thanks for any help in advance.

Sergiy Kolodyazhnyy
  • Kerberos is a network authentication protocol, so maybe this is a business laptop your IT department configured to authenticate to the corporate network? If so, you will need to have them reset your password. – psusi Jan 11 '15 at 02:27
  • It's a personal laptop. I've installed KDE and heimdall, and as far as I understand, Kerberos comes with either one of them. So you can guess that I've no idea how to deal with Kerberos. Right now I'm removing KDE completely and have already removed the two user accounts I had, and have created a new sudoer profile – Sergiy Kolodyazhnyy Jan 11 '15 at 03:27
  • I think I may have over reacted a little bit – Sergiy Kolodyazhnyy Jan 11 '15 at 03:28
  • Well, I have removed KDE and reinstalled ubuntu desktop but still the same story. Type passwd, it asks Current Kerberos Password. I enter my ubuntu password, it asks the question one more time and gives Authentication token manipulation error – Sergiy Kolodyazhnyy Jan 11 '15 at 04:07
  • 2
    Serg, have a look at what's a good backup strategy for 1 PC. You're user type 4. – Fabby Jan 14 '15 at 10:44
  • I think I've clearly stated what I'm asking before in the TL;DR part at the top, but just in case, I edited it again. – Sergiy Kolodyazhnyy Jan 16 '15 at 14:47
  • 1
    @Fabby Thanks! My lappie is definitely my life, and I haven't done any backups, unfortunately. Good material for the future though! – Sergiy Kolodyazhnyy Jan 16 '15 at 14:48

2 Answers

3

I would use a boot CD, and either chroot & change password - make sure you mount --bind the CD $PATH directories though, not use any potentially bad executables - or else just add yourself as a new user, edit the numeric IDs, & copy the current /etc/passwd* to your drive - keeping a copy of the old ones - & re-try; if that doesn't fix it you could download chkrootkit & try that.

I would be less happy about using a USB stick for this purpose.

If it has been hacked, though, there could be any number of hidden things & I'd retrieve my data & wipe the laptop - probably with a cat /dev/random >/dev/sda on the way.

1

What has happened

  • After I got a kernel panic and my lappie crashed on a public wifi, I went to reset my password, and realized Kerberos would not let me, though the password I entered was 100% correct
  • I could not see any users appearing in any graphical app from any desktop environment that allows managing user accounts
  • checking with netstat -tpn I noticed an established TCP connection from ssmtp to a Chinese IP address

What caused the events

  • Last year's spring, when I just started out with Ubuntu, I commented out the line Exec=/usr/lib/accountsservice/accounts-daemon from the file /usr/share/dbus-1/system-services/org.freedesktop.Accounts.service. The idea came from a post about changing greeter background.

  • I knew of the effect before, but since then forgot what happens.

  • apparently disabling this daemon somehow "confused" Kerberos

  • Kerberos itself may have come with KDE or from mistakenly installing heimdal instead of heimdall (a program for Android), but these are more of a guess than facts

  • I've been using the newer 3.18 kernel, as well as a new wireless card (rtl8192se). The wireless card has been giving me much trouble: frequent drops of connection and interfering with audio in any playback (YouTube, smplayer, etc.), which does not occur with the original card.

  • the "Chinese connection" came from long ago, when I experimented with ssmtp before discovering how I can use msmtp with mutt to check my email, which is ... Chinese.

What I've done to fix the problem

Mainly what has done the job was removing KDE and several other packages, among which was heimdal. There may have been other packages, but I didn't exactly document the process well.

Basically, in the last 24 hours, I've bricked the system over and over by removing KDE, heimdall, reinstalling ubuntu-desktop and gnome-shell, accidentally removing coreutils (and I've now learned about the "Yes, do as I say!" verification message in apt-get, which you should never ignore). I went on mounting the system on a live USB as told in this article (mainly the Update Failure part). I've reinstalled coreutils, bsdmainutils, network-manager, as well as ubuntu-desktop (again, though it didn't seem to make much difference) and gnome-shell. And voilà - here I am, typing on a new account, with my home folder still in /home and files all intact, untouched. A small copy of .mozilla and .muttrc files made me feel at home again on this new account. The next step will be just to change ownership of my old folder with sudo chown -hR newAccount.newUsergroup /home/myOldFolder and clean up the mess.

In summary

The whole thing has been just a combination of accidents, which resulted in me panicking. From a more positive outlook, I've learned a few good lessons for the future.

Sergiy Kolodyazhnyy
  • Asking for suggestions in an answer isn't likely to obtain results. If you have another question, http://askubuntu.com/help/how-to-ask – Elder Geek Jan 16 '15 at 14:04
  • @ElderGeek Thanks. My primary question was figuring out why the system wouldn't show any users and kerberos thing wouldn't let me change password. I wasn't exactly expecting an answer/suggestion here, as I know it's not related – Sergiy Kolodyazhnyy Jan 16 '15 at 14:42
  • I guess I was confused by "I'd appreciate any suggestions on closing the port or removing the kerberos-adm in some way; otherwise, if it works and is safe - good enough for me." Feel free to edit that part out or I can do it for you. – Elder Geek Jan 16 '15 at 14:43
  • @ElderGeek Already did. Is it prohibited to include such statements in posts at all? – Sergiy Kolodyazhnyy Jan 16 '15 at 14:51
  • 1
    Serg, to answer above question: No it's not, you will just have very little feed-back as it's an answer, not a question. Secondly: Well done! Congrats (and an upvote) I would immediately make a system back-up and when the next LTS version comes out, re-install and not upgrade... – Fabby Jan 16 '15 at 14:55
  • @Serg for future reference questions and answers regarding the usage of the site can be found here: http://meta.askubuntu.com I personally have found it very useful. – Elder Geek Jan 16 '15 at 15:26
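
The three things the second answer ended up checking (the commented-out Exec= line, the Kerberos password prompt, and the netstat -tpn review), written as reusable shell functions. This is an added example, not part of the original posts; the PAM file /etc/pam.d/common-password and the module name pam_krb5 are assumptions about where the "Current Kerberos Password" prompt comes from, and check_root and the other function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage helpers for the symptoms described in this thread.

# 0 if the service file still has an active Exec= line for accounts-daemon,
# 1 if the line is commented out or absent, 2 if the file cannot be read.
accounts_service_active() {
    [ -r "$1" ] || return 2
    grep -Eq '^[[:space:]]*Exec=.*/accounts-daemon' "$1"
}

# Print uncommented PAM lines that load pam_krb5 (assumed module name);
# any output means password changes in this stack go through Kerberos.
pam_kerberos_lines() {
    [ -r "$1" ] || return 2
    grep -E '^[[:space:]]*[^#[:space:]].*pam_krb5' "$1"
}

# Read `netstat -tpn` output on stdin and print "remote-address program"
# for every ESTABLISHED TCP connection whose peer is not loopback.
established_peers() {
    awk '$1 ~ /^tcp/ && $6 == "ESTABLISHED" && $5 !~ /^(127\.|::1:)/ {
        print $5, $7 }'
}

# Run the two file checks under a root prefix: "" for the running system,
# or e.g. /mnt for the installed disk mounted from a boot CD.
check_root() {
    root=$1
    svc="$root/usr/share/dbus-1/system-services/org.freedesktop.Accounts.service"
    pam="$root/etc/pam.d/common-password"   # assumed Ubuntu PAM location
    accounts_service_active "$svc" ||
        echo "accounts-daemon Exec= line inactive: $svc"
    if pam_kerberos_lines "$pam" >/dev/null; then
        echo "Kerberos module in password stack: $pam"
    fi
}
```

On a live system, `sudo netstat -tpn | established_peers` gives the list to review; running it as root is what fills in the PID/Program column.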