One of the changes between shadow-4-0.4 and shadow-4.0.5 is that some of the tools that read /etc/pam.d/shadow with 4.0.4 now want their own file. A list of the affected tools, distilled from a grep for pam_start: groupadd, groupdel, groupmod, chpasswd, newusers, userdel, usermod. Of these groupadd already has the new pam.d file. All of these contain a pam_start ("shadow", ...) in the older version of shadow and a pam_start (toolname, ...) in the new one. I've only verified usermod and groupdel, since a pattern emerged :). usermod started working if I made /etc/pam.d/usermod a symlink to /etc/pam.d/shadow. Possible solutions I know of: - create the new files. - make the new files be symlinks to 'shadow' - undo the changes in the source Reproducible: Always Steps to Reproduce: 1. sudo /usr/sbin/usermod -c randomComment marienz Actual Results: usermod: PAM authentication failed Expected Results: Changed my account. Portage 2.0.51-r2 (default-x86-2004.2, gcc-3.4.2, glibc-2.3.4.20041021-r0, 2.6.9 -gentoo-r2-m1 i686) ================================================================= System uname: 2.6.9-gentoo-r2-m1 i686 AMD Athlon(tm) XP 2600+ Gentoo Base System version 1.6.5 ccache version 2.3 [enabled] Autoconf: sys-devel/autoconf-2.59-r5 Automake: sys-devel/automake-1.8.5-r1 Binutils: sys-devel/binutils-2.15.92.0.2-r1 Headers: sys-kernel/linux26-headers-2.6.8.1-r1 Libtools: sys-devel/libtool-1.5.2-r5 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CFLAGS="-O2 -march=athlon-xp -pipe -fomit-frame-pointer -fweb -frename-registers" CHOST="i686-pc-linux-gnu" COMPILER="" CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -march=athlon-xp -pipe -fomit-frame-pointer -fweb -frename-registers" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs candy ccache distlocks sandbox userpriv usersandbox" GENTOO_MIRRORS="ftp://ftp.snt.utwente.nl/pub/os/linux/gentoo ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo http://www.mirror.ac.uk/sites/www.ibiblio.org/gentoo/ ftp://ftp.wh2.tu-dresden.de/pub/mirrors/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.nl.gentoo.org/gentoo-portage" USE="3dnow 3dnowex X alsa ansi apm avi bitmap-fonts cdr crypt dga edl emacs esd f77 faad fbcon foomaticdb gnome gtk2 hal javascript jit jpeg libcaca libg++ libwww lufsusermount maildir md5sum mikmod mmx mmx2 mng mozdevelop mpeg ncurses nethack network nls nntp no-old-linux nptl nptlonly oggvorbis opengl pam png python quicktime readline rtc softmmu spell sse ssl svg tcpd tetex truetype unicode userlocales x86 xml2 xv zlib"
!!! This bug breaks gentoo standard install !!! i ran into this error while doing "emerge system" groupmod: PAM authentication failed !!! ERROR: sys-apps/slocate-2.7-r5 failed. !!! Function pkg_postinst, Line 61, Exitcode 9 !!! Failed to create slocate group !!! If you need support, post the topmost build error, NOT this status message. that's because slocate is in 2004.2 packages file and shadow-4.0.5 compiled with USE="pam" (which is in 2004.2 make.defaults) does not add proper pam configuration for groupmod (8). i fixed this by making a symbolic link as suggested above # ln -s /etc/pam.d/shadow /etc/pam.d/groupmod and then # ebuild /usr/portage/sys-apps/slocate/slocate-2.7-r5.ebuild postinst ends with no error. there's already someone reporting the problem here: http://forums.gentoo.org/viewtopic.php?t=246292
yep, a quick grep on the source code confirms your analysis :) fixed in 4.0.5-r1
*** Bug 70063 has been marked as a duplicate of this bug. ***
*** Bug 70049 has been marked as a duplicate of this bug. ***