OK...forgive my creative editing...it eliminates a very long and confusing
multi-quote email :)

----- Original Message -----
From: <[EMAIL PROTECTED]>

Subject: Re: Can't log in



> RedHat uses PAM for authentication.  I would expect to see PAM messages
> something like this in the syslog:
>
> May 11 21:37:05 witsend PAM_pwdb[286]: 1 authentication failure;\
>         whit(uid=0) -> whit for lockvc service
> this tells what file             ^^^^
> in /etc/pam.d specifies the rules for that service.
> Sorry, I don't have RedHat, I just installed PAM so I could pick
> a little bug out of RH's xdm, (rh 5.0 and 5.1, should be fixed
> by now) and used it to develop the PAM-aware option of lockvc, so lockvc
> is the only PAM-aware app I have just now.
>
    There is no entry like this in my syslog :(

> I would expect a service name of either login or telnet.
>
> Round about 5.0 or 5.1 RH had another little bug in some of the shutdown
> scripts that caused a (possibly empty) /etc/nologin to be left lying
> around.  That would normally disable all non-root logins (root telnet is
> disabled by not having the pseudo-tty's in /etc/securetty; that's RH
> policy too, I think), but it might be worth a check.

no /etc/nologin exists
I know remote root logins do not work...which is fine by me. :)

>
> If there is no /etc/pam.d file for the service, PAM uses
> /etc/pam.d/other, which may well be set to outright deny

    The /etc/pam.d/other file does indeed appear to be set to deny
everything it looks like :

    #%PAM 1.0

    auth        required    /lib/security/pam_deny.so
    account     required    /lib/security/pam_deny.so
    password    required    /lib/security/pam_deny.so
    session     required    /lib/security/pam_deny.so

> rpm -qil telnet should tell you if there is a pam.d file associated with
> it; if not I guess it still uses /etc/pam.d/login and you should look at
> that file and try to make sense of it.  It's just a few lines.  Maybe it
> should look about like this (from RH 5.0):
>

There is no pam.d file associated w/ telnet...as far as rpm knows anyway

> #%PAM-1.0
> auth       required /lib/security/pam_securetty.so
> auth       required /lib/security/pam_pwdb.so shadow nullok
> auth       required /lib/security/pam_nologin.so
> account    required /lib/security/pam_pwdb.so
> password   required /lib/security/pam_cracklib.so
> password   required /lib/security/pam_pwdb.so shadow nullok use_authtok
> session    required /lib/security/pam_pwdb.so
>

    This is what mine looks like


> Lawson
>   >< Microsoft free environment
>
> This mail client runs on Wine.  Your mileage may vary.

Again, I appreciate everyone's (extended) help on this issue...
Dave



-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.linux-learn.org/faqs
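
The checks discussed in this thread (a stray /etc/nologin, whether the service has its own /etc/pam.d file, and whether the fallback /etc/pam.d/other denies everything) can be run as one shell function. This is an added example, not part of any poster's message; `pam_diag`, `make_sample_root` and the root-prefix argument are hypothetical names, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. The first argument is a hypothetical
# filesystem prefix so the checks can run against a copy ("" = live system).

pam_diag() {
    root=$1 svc=$2
    # 1. A leftover /etc/nologin (even an empty one) blocks non-root logins.
    if [ -e "$root/etc/nologin" ]; then echo "nologin=present"
    else echo "nologin=absent"; fi
    # 2. No /etc/pam.d/<service> file means PAM applies /etc/pam.d/other.
    conf="$root/etc/pam.d/$svc"
    if [ -f "$conf" ]; then echo "fallback=no"
    else conf="$root/etc/pam.d/other"; echo "fallback=yes"; fi
    [ -f "$conf" ] || { echo "file=none"; return 1; }
    rel=${conf#"$root"}
    echo "file=$rel"
    # 3. A required/requisite pam_deny.so in auth or account refuses everyone.
    awk '
        /^[ \t]*#/ || NF < 3 { next }
        ($1 == "auth" || $1 == "account") &&
        ($2 == "required" || $2 == "requisite") &&
        $3 ~ /pam_deny\.so$/ { deny = 1 }
        END { print "denies_login=" (deny ? "yes" : "no") }
    ' "$conf"
}

# Constructed sample tree: the deny-all "other" file quoted in the thread,
# and no per-service file for telnet.
make_sample_root() {
    d=$(mktemp -d) && mkdir -p "$d/etc/pam.d" || return 1
    cat > "$d/etc/pam.d/other" <<'EOF'
#%PAM 1.0
auth      required  /lib/security/pam_deny.so
account   required  /lib/security/pam_deny.so
password  required  /lib/security/pam_deny.so
session   required  /lib/security/pam_deny.so
EOF
    echo "$d"
}

sample=$(make_sample_root)
pam_diag "$sample" telnet
rm -rf "$sample"
```

On a live system the call would be `pam_diag "" login` (or whichever service name the syslog PAM message reports).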
