OK, I'm sending this again because I think it got lost last time :). I
really would love some help figuring this out...as it is obviously WAY
beyond anything that I can do on my own (otherwise it might be fixed by now
:P)
Thanks in advance
Dave
----- Original Message -----
From: David Hearne <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, May 12, 2000 6:32 PM
Subject: Re: Can't log in
> OK...forgive my creative editing...it eliminates a very long an confusing
> multi-quote email :)
>
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
>
> Subject: Re: Can't log in
>
>
>
> > RedHat uses PAM for authentication. I would expect to see PAM messages
> > something like this in the syslog:
> >
> > May 11 21:37:05 witsend PAM_pwdb[286]: 1 authentication failure;\
> > whit(uid=0) -> whit for lockvc service
> > this tells what file ^^^^
> > in /etc/pam.d specifies the rules for that service.
> > Sorry, I don't have RedHat, I just installed PAM so I could pick
> > a little bug out or RH's xdm, (rh 5.0 and 5.1, should be fixed
> > by now) and used it to develop the PAM-aware option of lockvc, so lockvc
> > is the only PAM-aware app I have just now.
> >
> There is no entry like this in my syslog :(
>
> > I would expect a service name of either login or telnet.
> >
> > Round about 5.0 or 5.1 RH had another little bug in some of the shutdown
> > scripts that caused a (possibly empty) /etc/nologin to be left lying
> > around. That would normally disable all non-root logins (root telnet is
> > disabled by not having the pseudo-tty's in /etc/securetty; that's RH
> > policy too, I think), but it might be worth a check.
>
> no /etc/nologin exists
> I know remote root logins do not work...which is fine by me. :)
>
> >
> > If there is no /etc/pam.d file for the service, PAM uses
> > /etc/pam.d/other, which may well be set to outright deny
>
> The /etc/pam.d/other file does indeed appear to be set to deny
> everything it looks like :
>
> #%PAM 1.0
>
> auth required /lib/security/pam_deny.so
> account required /lib/security/pam_deny.so
> password required /lib/security/pam_deny.so
> session required /lib/security/pam_deny.so
>
> > rpm -qil telnet should tell you if there is a pam.d file associated with
> > it; if not I guess it still uses /etc/pam.d/login and you should look at
> > that file and try to make sense of it. It's just a few lines. Maybe it
> > should look about like this (from RH 5.0):
> >
>
> There is no pam.d file associated w/ telnet...as far as rpm knows anyway
>
> > #%PAM-1.0
> > auth required /lib/security/pam_securetty.so
> > auth required /lib/security/pam_pwdb.so shadow nullok
> > auth required /lib/security/pam_nologin.so
> > account required /lib/security/pam_pwdb.so
> > password required /lib/security/pam_cracklib.so
> > password required /lib/security/pam_pwdb.so shadow nullok
> > use_authtok
> > session required /lib/security/pam_pwdb.so
> >
>
> This is what mine looks like
>
>
> > Lawson
> > >< Microsoft free environment
> >
> > This mail client runs on Wine. Your mileage may vary.
>
> Again, I appreciate everyone's (extended) help on this issue...
> Dave
>
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
> the body of a message to [EMAIL PROTECTED]
> Please read the FAQ at http://www.linux-learn.org/faqs
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.linux-learn.org/faqs
