Can't authenticate some accounts

Dear list,

After installing a new server, we ran into some accounts which can't 

In short, I can find just two common symptoms:

a) all accounts are NIS accounts
b) pam_authenticate() returns error 6: "Permission denied".

The problem manifests itself on a small percentage of our accounts. All 
accounts are created equal, using a script.
The accounts have a valid md5-crypted password. Changing the password doesn't 
work (the account remains locked/unusable).

Failing accounts can be old accounts (from before installing the server) or new 

The accounts do work on other servers with older PAM versions (such as

The accounts are listed correctly by both 'ypcat passwd' and 'getent passwd'.

The accounts never expire and aren't locked.

"Permission denied" on pam_authenticate() is undocumented.

The problem manifests itself on all services.

The configuration of the machine:

auth    required        pam_env.so
auth    sufficient      pam_unix2.so
auth    sufficient      pam_ldap.so     use_first_pass


passwd: files nis ldap
shadow: files nis ldap


opensuse 11.0 with pam 1.0.1-8.1

I'm at a loss here. I've got no clue where to find the problem. Any pointers 
would be greatly appreciated.

Kind regards,

Erik Hensema / HostingXS Internet Services
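
Added example, not part of the original post: a simplified Python model of how Linux-PAM combines the control flags of the auth stack quoted above, showing that when no module in that stack reports success the result falls through to PAM_PERM_DENIED (6). The per-module return values are assumptions (pam_env.so returning PAM_IGNORE for auth, pam_unix2.so and pam_ldap.so rejecting the account), not values taken from the post.

```python
# Simplified model of Linux-PAM auth-stack evaluation (control flags per pam.conf(5)).
# new_authtok_reqd and the [value=action] bracket syntax are left out for brevity.
PAM_SUCCESS, PAM_PERM_DENIED, PAM_AUTH_ERR, PAM_USER_UNKNOWN, PAM_IGNORE = 0, 6, 7, 10, 25

# control flag -> {module return value: action}; "default" covers all other values
CONTROLS = {
    "required":   {PAM_SUCCESS: "ok", PAM_IGNORE: "ignore", "default": "bad"},
    "requisite":  {PAM_SUCCESS: "ok", PAM_IGNORE: "ignore", "default": "die"},
    "sufficient": {PAM_SUCCESS: "done", "default": "ignore"},
    "optional":   {PAM_SUCCESS: "ok", "default": "ignore"},
}

# The auth stack as quoted in the post.
PAGE_STACK = """\
auth    required        pam_env.so
auth    sufficient      pam_unix2.so
auth    sufficient      pam_ldap.so     use_first_pass
"""

def parse_stack(text):
    """Return [(control, module)] for the auth lines of a PAM config."""
    fields = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [(f[1], f[2]) for f in fields if len(f) >= 3 and f[0] == "auth"]

def evaluate(stack, results):
    """Return the code the stack yields for the given per-module return values."""
    status, impression = PAM_PERM_DENIED, None  # must-fail until a module says otherwise
    for control, module in stack:
        ret = results[module]
        table = CONTROLS[control]
        action = table.get(ret, table["default"])
        if action in ("ok", "done"):
            if impression is None:
                status, impression = ret, "positive"
            if action == "done" and impression == "positive":
                break  # sufficient success with no earlier failure ends the stack
        elif action in ("bad", "die"):
            if impression != "negative":
                status = PAM_PERM_DENIED if ret == PAM_IGNORE else ret
                impression = "negative"
            if action == "die":
                break
    return status

# Constructed module results (assumptions, not taken from the post).
WORKING = {"pam_env.so": PAM_IGNORE, "pam_unix2.so": PAM_SUCCESS, "pam_ldap.so": PAM_USER_UNKNOWN}
FAILING = {"pam_env.so": PAM_IGNORE, "pam_unix2.so": PAM_AUTH_ERR, "pam_ldap.so": PAM_USER_UNKNOWN}

if __name__ == "__main__":
    for name, res in (("working", WORKING), ("failing", FAILING)):
        print(name, "account ->", evaluate(parse_stack(PAGE_STACK), res))
```

Under these assumptions the real failure code of pam_unix2.so is discarded by `sufficient`, so the 6 seen by the caller says only that no module succeeded; the module's own syslog output is where the actual reason would appear.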

