Hi! I'm facing something like a miracle: On a SuSE 9.3 PC from time to time for some users the login is denied but the accounts are not set up with expiration nor are they disabled and the /etc/shadow is unchanged (compared with diff and md5sum with a copy of the file). In the log you get: Nov 12 22:12:34 tombombadil sshd[8677]: error: PAM: Authentication failure for bla from dslb-... Two other accounts still work every time. Hashing-algorithm for files in /etc/default/passwd is blowfish (CRYPT=des but CRYPT_FILES=blowfish). When running a passwd bla as root and defining the same password as before everything ist fine again. I ran chkrootkit (from a clean enviroment) on the machine without finding anything suspicious. Can anyone give me a hint? -- Eat, sleep and go running, David Hücking. Encrypted eMail welcome! GnuPG/ PGP-Key: 0x57809216. Fingerprint: 3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216