[CentOS] PAM_shield locking me out?
S.Tindall
tindall.satwth at brandxmail.com
Tue Aug 24 19:53:33 UTC 2010
On Tue, 2010-08-24 at 14:56 -0400, Rob Kampen wrote:
> No my server is 32 bit and I think there were no seg faults in
> actuality
> - the pam_shield module was causing a ?? response to su and sudo auth
> requests and they reported segmentation error - nothing in the logs -
> I assume that it had somehow locked my account and thus all auth
> requests to pam were being dumped. It also appeared to do the same to
> the login prompt on the console - any user entered just went back to
> the the login prompt no request for the password,
> I have thus commented out the auth line I added yesterday until I work
> out what went wrong.
> I am wondering if I entered the auth line in the wrong place??
> Anyone know where it should go?
> The instructions from the INSTALL file in the tar.gz that I used was
> not centos / rh specific.
> HTH Rob
A pam_shield-related login failure happened to me once and fixing
system-auth cured it.
It happened too long ago to remember the details, but I think the
failure was on centos 4. The thing that sticks in my mind was the
inability of any user to login from a console.
Here are the examples you requested.
Centos 4 example (64-bit):
# cat /etc/pam.d/system-auth
...
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
#
auth optional /lib64/security/pam_shield.so
#
auth required /lib/security/$ISA/pam_deny.so
...
Centos 5 example:
# cat /etc/pam.d/system-auth
...
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
#
auth optional pam_shield.so
#
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
...
rhel6-beta2 example:
...
# cat /etc/pam.d/system-auth
...
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
#
auth optional pam_shield.so
#
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
...
Steve
More information about the CentOS
mailing list