passwords not recognized when su'ing from a terminal

[Andreas Bernauer]

Alain Cochard wrote on Fri, Jul 20 2007 at 11:59 (+0200):
> Just a few days ago, I stopped being able to 'su' or 'su some_user'
> from a terminal: the passwords are no longer accepted.  Same problem
> to unlock a session (need to enter the password).
> 
> I can still login OK (as root or any user) from the initial login
> screen or when switching user, or from a virtual terminal.
 
> That is what appears in my /var/log/secure file when I try to 'su -'
> from a terminal from my account (cochard):
> 
>    Jul 19 10:56:49 pcinvit10 su: pam_unix(su-l:auth): authentication
>    failure; logname=cochard uid=500 euid=500 tty=pts/12 ruser=cochard
>    rhost= user=root
 
> So I'm stuck here.  Thanks in advance for any piece of advice for
> investigating further.

You may not have noticed, but the problem seems to be that PAM is denying
access.  Check the file /etc/pam.d/su to see why it may be doing this.
My su-file looks like the one attached and is from FC6.  

You may also want to turn on some 'debug' option flag in the pam modules.  However,
there is no general debug interface to PAM (unfortunately).

Cheers,

Andreas.

-- 
http://www.lysium.de/blog
-------------- next part --------------
#%PAM-1.0
auth		sufficient	pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth		sufficient	pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth		required	pam_wheel.so use_uid
auth		include		system-auth
account		sufficient	pam_succeed_if.so uid = 0 use_uid quiet
account		include		system-auth
password	include		system-auth
session		include		system-auth
session		optional	pam_xauth.so
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20070720/f0c1e5c9/attachment-0001.sig>