You need to look @ system-auth in your pam dir. Have a look @ mine:

auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok debug
auth        sufficient    /lib/security/pam_ldap.so use_first_pass
auth        required      /lib/security/pam_deny.so

account     sufficient    /lib/security/pam_ldap.so
account     required      /lib/security/pam_unix.so

password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    sufficient    /lib/security/pam_ldap.so use_authtok
password    required      /lib/security/pam_deny.so

session     optional      /lib/security/pam_mkhomedir.so
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
session     optional      /lib/security/pam_ldap.so

Alan Womack <arwbackup@worldnet.att.net>
Sent by: pam-list-admin@redhat.com
06/26/02 08:28 AM
Please respond to pam-list

To: <pam-list@redhat.com>
cc:
Subject: Newbie: cannot log into box

I am working on getting user authentication with ldap going. I had it working ok, but I could not add a user that could login. Only the users that existed before I got ldap authentication going were able to login. Therefore I have been trying to learn what part of the authentication stack was failing. I have access to the machine because I have several tty's logged into root.

In an attempt to diagnose which PAM module is having trouble I have tried to change my /etc/pam.d/login to read:

[root@Webby pam.d]# cat login
#%PAM-1.0
auth       required     /lib/security/pam_permit.so
auth       required     /lib/security/pam_warn.so
#auth       required     /lib/security/pam_securetty.so
#auth       required     /lib/security/pam_stack.so service=system-auth
#auth       required     /lib/security/pam_nologin.so
#account    required     /lib/security/pam_stack.so service=system-auth
#password   required     /lib/security/pam_stack.so service=system-auth
#session    required     /lib/security/pam_stack.so service=system-auth
#session    optional     /lib/security/pam_console.so

My limited understanding from the redhat reference guide is that this should allow me to log in regardless of what the user name is? Is this correct?

When I try to login from the console on tty2, I get a very fast flash of:

user account has expired

I have checked via the graphical redhat-user-configuration program and expiration of my accounts is not enabled.

Thanks
Alan

_______________________________________________
Pam-list@redhat.com
https://listman.redhat.com/mailman/listinfo/pam-list
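
An added example, not part of the original messages and not Linux-PAM code: a simplified Python model of how the control flags in the system-auth file quoted in the reply resolve for one user, reporting which module decides each management group. The per-module outcomes are constructed inputs, and `parse` and `evaluate` are hypothetical helper names.

```python
# Added example: simplified model of PAM control flags, not Linux-PAM code.
SYSTEM_AUTH = """\
auth     required   /lib/security/pam_env.so
auth     sufficient /lib/security/pam_unix.so likeauth nullok debug
auth     sufficient /lib/security/pam_ldap.so use_first_pass
auth     required   /lib/security/pam_deny.so
account  sufficient /lib/security/pam_ldap.so
account  required   /lib/security/pam_unix.so
"""  # auth and account lines copied from the system-auth file in the reply

def parse(text):
    """Return {group: [(control, module), ...]}, skipping comment lines."""
    stack = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            group, control, path = fields[:3]
            stack.setdefault(group, []).append((control, path.rsplit("/", 1)[-1]))
    return stack

def evaluate(rules, results):
    """Walk one group in order; results maps module -> assumed outcome.

    Returns (granted, module that decided). Only required, requisite,
    sufficient and optional are modelled; optional never decides here.
    """
    fixed = {"pam_deny.so": False, "pam_permit.so": True}
    failed = passed = None
    for control, module in rules:
        ok = fixed.get(module, results.get(module, False))
        if control == "sufficient" and ok and failed is None:
            return True, module          # stop here, later rules are skipped
        if control == "requisite" and not ok:
            return False, failed or module
        if control in ("required", "requisite"):
            if ok:
                passed = passed or module
            elif failed is None:
                failed = module          # remembered, but the walk continues
    if failed:
        return False, failed
    return passed is not None, passed    # (False, None): no rule decided

if __name__ == "__main__":
    stack = parse(SYSTEM_AUTH)
    # Constructed outcomes for a user who exists only in LDAP.
    ldap_user = {"pam_env.so": True, "pam_unix.so": False, "pam_ldap.so": True}
    for group in ("auth", "account", "session"):
        print(group, evaluate(stack.get(group, []), ldap_user))
```

A group with no active rules in the parsed file comes back as `(False, None)`, which is what the edited /etc/pam.d/login in the question produces for `account`.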