Can't authenticate some accounts
- Subject: Can't authenticate some accounts
- From: "Erik Hensema / HostingXS" <hensema@xxxxxxxxxxxx>
- Date: Mon, 9 Mar 2009 16:51:08 +0100
- Organization: HostingXS
Dear list,
After installing a new server, we ran into some accounts which can't
authenticate.
In short, I can find just two common symptoms:
a) all accounts are NIS accounts
b) pam_authenticate() returns error 6: "Permission denied".
The problem manifests itself on a small percentage of our accounts. All
accounts are created equal, using a script.
The accounts have a valid md5-crypted password. Changing the password doesn't
work (the account remains locked/unusable).
Failing accounts can be old accounts (from before installing the server) or new
accounts.
The accounts do work on other servers with older PAM versions (such as
0.99.6.3-29.1).
The accounts are listed correctly by both 'ypcat passwd' and 'getent passwd'.
The accounts never expire and aren't locked.
"Permission denied" on pam_authenticate() is undocumented.
The problem manifests itself on all services.
The configuration of the machine:
auth required pam_env.so
auth sufficient pam_unix2.so
auth sufficient pam_ldap.so use_first_pass
----
nsswitch.conf:
passwd: files nis ldap
shadow: files nis ldap
----
opensuse 11.0 with pam 1.0.1-8.1
I'm at a loss here. I've got no clue where to find the problem. Any pointers
would be greatly appreciated.
--
Kind regards,
Erik Hensema / HostingXS Internet Services
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list