[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Google
  Web www.spinics.net

Can't authenticate some accounts



Dear list,

After installing a new server, we ran into some accounts which can't 
authenticate.

In short, I can find just two common symptoms:

a) all accounts are NIS accounts
b) pam_authenticate() returns error 6: "Permission denied".

The problem manifests itself on a small percentage of our accounts. All 
accounts are created equal, using a script.
The accounts have a valid md5-crypted password. Changing the password doesn't 
work (the account remains locked/unusable).

Failing accounts can be old account (from before installing the server) or new 
accounts.

The accounts do work on other servers with older PAM versions (such as 
0.99.6.3-29.1).

The accounts are listed correctly by both 'ypcat passwd' and 'getent passwd'.

The accounts never expire and aren't locked.

"Permission denied" on pam_authenticate() is undocumented.

The problem manifests itself on all services.

The configuration of the machine:

auth    required        pam_env.so
auth    sufficient      pam_unix2.so
auth    sufficient      pam_ldap.so     use_first_pass

----

nsswitch.conf:
passwd: files nis ldap
shadow: files nis ldap

----

opensuse 11.0 with pam 1.0.1-8.1

I'm at a loss here. I've got no clue where to find the problem. Any pointers 
would be greatly appriciated.

-- 
Met vriendelijke groet,


Erik Hensema / HostingXS Internet Services

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

Add to Google Powered by Linux