I swapped out the /etc/authselect login and system files and It seems to be that the updated node 4.6 pam stack is calling /usr/sbin/chkpwd and that fails for all cockpit users, root and otherwise.
for root May 18 13:03:02 br014 unix_chkpwd[14186]: check pass; user unknown May 18 13:03:02 br014 unix_chkpwd[14187]: check pass; user unknown May 18 13:03:02 br014 unix_chkpwd[14187]: password check failed for user (root) for local user account >1000 UID May 18 13:03:28 br014 unix_chkpwd[14309]: could not obtain user info (e######) On Tue, May 18, 2021 at 12:02 PM Edward Berger <[email protected]> wrote: > /etc/pam.d/cockpit under node 4.4.6 is the same as you posted. > Something else changed. > > #%PAM-1.0 > # this MUST be first in the "auth" stack as it sets PAM_USER > # user_unknown is definitive, so die instead of ignore to avoid subsequent > modules mess up the error code > -auth [success=done new_authtok_reqd=done user_unknown=die > default=ignore] pam_cockpit_cert.so > auth required pam_sepermit.so > auth substack password-auth > auth include postlogin > auth optional pam_ssh_add.so > account required pam_nologin.so > account include password-auth > password include password-auth > # pam_selinux.so close should be the first session rule > session required pam_selinux.so close > session required pam_loginuid.so > # pam_selinux.so open should only be followed by sessions to be executed > in the user context > session required pam_selinux.so open env_params > session optional pam_keyinit.so force revoke > session optional pam_ssh_add.so > session include password-auth > session include postlogin > > > On Tue, May 18, 2021 at 11:50 AM Gianluca Cecchi < > [email protected]> wrote: > >> On Tue, May 18, 2021 at 4:50 PM Glenn Farmer <[email protected]> >> wrote: >> >>> The current thread is about 4.4.6 - nice that you can login to your >>> 4.4.5. >>> >> >> The subject of the thread says it all... ;-) >> My point was to ask if you see differences in /etc/pam.d/cockpit in your >> 4.4.6, in respect with the version I pasted for my 4.4.5 or if they are the >> same. >> I cannot compare as I have not yet 4.4.6 installed >> >> >>> I changed the admin password on the engine - still cannot access the >>> Cockpit GUI on any of my hosts. >>> >> >> The cockpit gui for the host is accessed through users defined on the >> hosts, not on engine side. It is not related to the admin engine web admi >> gui... >> I think you can configure a normal user on your hypervisor host and see >> if you can use it to connect to the cockpit gui or if you receive error. >> Do you need any particular functionality to use the root user? >> >> HIH, >> Gianluca >> >> _______________________________________________ >> Users mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> Privacy Statement: https://www.ovirt.org/privacy-policy.html >> oVirt Code of Conduct: >> https://www.ovirt.org/community/about/community-guidelines/ >> List Archives: >> https://lists.ovirt.org/archives/list/[email protected]/message/VSM4BLBD36MFNXR5OXS4QWWHHGQXXZIP/ >> >
_______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected] Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/QADZ4TFIUNUKCCCBXE7LT6MHFXDNVARG/
