Article ID: 6260, created on Apr 17, 2009, last review on Apr 21, 2016

Applies to:

  • Virtuozzo containers for Linux 4.0

Symptoms

After changing the password for the "root" user inside a container based on Ubuntu 8.10, this user cannot log in to the container's Virtuozzo Power Panel, and inside the Service CT, in /var/log/vzcp/vzcpcon.log, the following errors can be observed:

---8<---
09/03/2009 09:14:46.8401430 [5711] : (SSO) No SAML token in request - user is not authenticated
09/03/2009 09:14:46.8460590 [17585] : (SSO) No SAML token in request - user is not authenticated
09/03/2009 09:14:46.8591000 [17586] : (SSO) No SAML token in request - user is not authenticated
09/03/2009 09:14:47.5330300 [5711] : (SSO) No SAML token in request - user is not authenticated
09/03/2009 09:14:50.8877060 [5711] : (SSO) No SAML token in request - user is not authenticated
--->8---

Resolution

The error message "(SSO) No SAML token in request" means that the user is not authenticated. In an Ubuntu 8.10 container, this could be due to a password hash encoding issue, i.e., the password field in /etc/shadow is longer than in normal cases. The reason is that Plesk and Virtuozzo tools cannot handle SHA256 and SHA512 hashes, while the default policy in Ubuntu 8.10 seems to force SHA512 hashing. By comparison, in Debian 5.0 (and previous versions of Debian and Ubuntu), it was set to MD5:

~# grep '^[^#]' /etc/pam.d/common-password
password   required   pam_unix.so nullok obscure min=4 max=8 md5
~#

Thus, it is sufficient to update the file, replacing sha512 with md5 on the pam_unix.so line, and reset the password:

~# grep '^[^#]' /etc/pam.d/common-password
password        [success=1 default=ignore]      pam_unix.so obscure sha512
password        requisite                       pam_deny.so
password        required                        pam_permit.so

~# vim /etc/pam.d/common-password

~# grep '^[^#]' /etc/pam.d/common-password
password        [success=1 default=ignore]      pam_unix.so obscure md5
password        requisite                       pam_deny.so
password        required                        pam_permit.so
~#

After that, please set a new password for your account using the "passwd" command again.
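
To see which accounts still carry SHA-256/SHA-512 hashes and so need their password set again, the following script reads a shadow-format file and the PAM password configuration. It is an added example, not part of the original article or of the Virtuozzo tooling; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Sample data below is constructed.
# crypt(3) hash prefixes in /etc/shadow: $1$ = MD5, $5$ = SHA-256, $6$ = SHA-512.

# shadow_sha_users FILE: print "user scheme" for every SHA-256/SHA-512 entry,
# i.e. the accounts whose password must be set again after the PAM change.
shadow_sha_users() {
    awk -F: '
        $2 ~ /^\$5\$/ { print $1, "sha256"; next }
        $2 ~ /^\$6\$/ { print $1, "sha512" }
    ' "$1"
}

# pam_unix_scheme FILE: print the hashing keyword on the first active
# (non-comment) "password ... pam_unix.so" line, or nothing if none is set.
pam_unix_scheme() {
    awk '
        /^[[:space:]]*#/ { next }
        $1 == "password" && /pam_unix\.so/ {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^(md5|sha256|sha512)$/) { print $i; exit }
        }
    ' "$1"
}

# Constructed sample files (placeholder salts and hashes, not real credentials).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$6$SALTSALT$CONSTRUCTEDSHA512HASH:14336:0:99999:7:::
daemon:*:14336:0:99999:7:::
alice:$1$SALTSALT$CONSTRUCTEDMD5HASH:14336:0:99999:7:::
bob:$5$SALTSALT$CONSTRUCTEDSHA256HASH:14336:0:99999:7:::
EOF
cat > "$SAMPLE_DIR/common-password" <<'EOF'
# comment line mentioning pam_unix.so md5 must be ignored
password        [success=1 default=ignore]      pam_unix.so obscure sha512
password        requisite                       pam_deny.so
password        required                        pam_permit.so
EOF

echo "PAM hashing scheme: $(pam_unix_scheme "$SAMPLE_DIR/common-password")"
echo "Accounts still needing a password reset:"
shadow_sha_users "$SAMPLE_DIR/shadow"
```

Inside the container, call the two functions as root on /etc/shadow and /etc/pam.d/common-password instead of the sample files.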

To fix this issue for all newly created containers on Ubuntu 8.10, please apply this procedure:

Add to the file "/vz/template/ubuntu/8.10/x86*/config/os/default/post-install" the following line:

sed '/^password.*pam_unix.so.*sha512/ s~sha512~md5~' -i etc/pam.d/common-password

Then rebuild the cache of OS templates:

~# vzpkg remove cache ubuntu-8.10-x86{,_64}
~# vzpkg create cache ubuntu-8.10-x86{,_64}
