[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

re: Newbie: cannot log into box



Ok, a couple of differences here:

on the line:
auth        sufficient    /lib/security/pam_unix.so likeauth nullok debug

does this increase the verbage from pam_unix.so?  I didn't notice any additional data in the /var/log/messages or secure logs.

An order difference in account section, I don't believe that should be significant since the stack matches.

a couple of minor? items in session.


*********************

[root@Webby pam.d]# cat system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/pam_ldap.so use_first_pass
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so
account     required      /lib/security/pam_ldap.so

password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    sufficient    /lib/security/pam_ldap.so use_authtok
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
session     optional      /lib/security/pam_ldap.so


 >>  You need to look @ system-auth in your pam dir.

 >>  have a look @ mine

 >>  auth        required      /lib/security/pam_env.so
 >>  auth        sufficient    /lib/security/pam_unix.so likeauth nullok debug
 >>  auth        sufficient    /lib/security/pam_ldap.so use_first_pass
 >>  auth        required      /lib/security/pam_deny.so

 >>  account      sufficient    /lib/security/pam_ldap.so
 >>  account      required   /lib/security/pam_unix.so

 >>  password    required      /lib/security/pam_cracklib.so retry=3 type=
 >>  password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5
 >>  shadow
 >>  password    sufficient    /lib/security/pam_ldap.so use_authtok
 >>  password    required      /lib/security/pam_deny.so

 >>  session     optional      /lib/security/pam_mkhomedir.so
 >>  session     required      /lib/security/pam_limits.so
 >>  session     required      /lib/security/pam_unix.so
 >>  session     optional      /lib/security/pam_ldap.so



 >>  
 >>  
 >>  Alan Womack                                            
 >>  
 >>  <arwbackup@worldne       To:     <pam-list@redhat.com> 
 >>  
 >>  t.att.net>               cc:                           
 >>  
 >>  Sent by:                 Subject:     Newbie: cannot
 >>  log into box                                                            
 >>  pam-list-admin@red                                     
 >>  
 >>  hat.com                                                
 >>  
 >>  
 >>  
 >>  
 >>  
 >>  06/26/02 08:28 AM                                      
 >>  
 >>  Please respond to                                      
 >>  
 >>  pam-list                                               
 >>  
 >>  
 >>  
 >>  
 >>  




 >>  I am working on getting user authentication with ldap going.  I had it
 >>  working ok, but I could not add a user that could login.  Only the users
 >>  that existed before I got ldap authentication going were able to login.

 >>  Therefore I have been trying to learn what part of the authentication
 >>  stack
 >>  was failing.

 >>  I have access to machine because I have several tty's loged into root.

 >>  In an attempt to diagnose which PAM module is having trouble I have tried
 >>  to change my /etc/pam.d/login to read:


 >>  [root@Webby pam.d]# cat login
 >>  #%PAM-1.0
 >>  auth required /lib/security/pam_permit.so
 >>  auth required /lib/security/pam_warn.so
 >>  #auth       required    /lib/security/pam_securetty.so
 >>  #auth       required    /lib/security/pam_stack.so service=system-auth
 >>  #auth       required    /lib/security/pam_nologin.so
 >>  #account    required    /lib/security/pam_stack.so service=system-auth
 >>  #password   required    /lib/security/pam_stack.so service=system-auth
 >>  #session    required    /lib/security/pam_stack.so service=system-auth
 >>  #session    optional    /lib/security/pam_console.so

 >>  my limited understanding from the redhat reference guide is that this
 >>  should allow me to log in regardless of what the user name is?  Is this
 >>  correct?

 >>  When I try to login from the console on tty2, I get a very fast flash of:

 >>  user account has expired

 >>  I have checked via the graphical redhat-user-configuration program and
 >>  expiration of my accounts is not enabled.




Epson Inkjet Printer FAQ: http://welcome.to/epson-inkjet





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []