On Tue, 2010-08-24 at 14:56 -0400, Rob Kampen wrote:
No, my server is 32 bit and I think there were no seg faults in actuality - the pam_shield module was causing a ?? response to su and sudo auth requests and they reported segmentation error - nothing in the logs - I assume that it had somehow locked my account and thus all auth requests to pam were being dumped.

It also appeared to do the same to the login prompt on the console - any user entered just went back to the login prompt, no request for the password. I have thus commented out the auth line I added yesterday until I work out what went wrong.

I am wondering if I entered the auth line in the wrong place?? Anyone know where it should go? The instructions from the INSTALL file in the tar.gz that I used were not centos / rh specific.

HTH
Rob

A pam_shield-related login failure happened to me once and fixing system-auth cured it.
It happened too long ago to remember the details, but I think the failure was on centos 4. The thing that sticks in my mind was the inability of any user to log in from a console.
Here are the examples you requested.
Centos 4 example (64-bit):
# cat /etc/pam.d/system-auth
...
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
#
auth        optional      /lib64/security/pam_shield.so
#
auth        required      /lib/security/$ISA/pam_deny.so
...
Centos 5 example:
# cat /etc/pam.d/system-auth
...
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
#
auth        optional      pam_shield.so
#
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so
...
rhel6-beta2 example:
...
# cat /etc/pam.d/system-auth
...
auth        required      pam_env.so
auth        sufficient    pam_fprintd.so
auth        sufficient    pam_unix.so nullok try_first_pass
#
auth        optional      pam_shield.so
#
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so
...

Steve
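
The following is an added example, not part of the original thread and not code from the pam_shield project: a small checker that compares the auth stack of a system-auth file with the layout the three examples above share (pam_shield.so as "optional", after pam_unix.so and before pam_deny.so). The function names and the sample text are constructed for illustration, and the three rules are only what those examples show, not a documented pam_shield requirement.

```python
import os
import re

# Constructed sample, modelled on the CentOS 5 layout quoted in this thread.
SAMPLE_OK = """\
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
#
auth        optional      pam_shield.so
#
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so
"""

# type, control (keyword or [value=action ...] form), module path or name
AUTH_LINE = re.compile(r"^auth\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def auth_stack(text):
    """Return [(control, module_basename)] for the active 'auth' lines."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        m = AUTH_LINE.match(line)
        if m:
            # The module may be a full path (/lib64/security/pam_shield.so)
            # or a bare name (pam_shield.so); compare on the basename.
            stack.append((m.group(1), os.path.basename(m.group(2))))
    return stack

def check_pam_shield(text):
    """List the ways the stack differs from the examples in this thread."""
    stack = auth_stack(text)
    names = [module for _, module in stack]
    if "pam_shield.so" not in names:
        return ["pam_shield.so is not in the active auth stack"]
    pos = names.index("pam_shield.so")
    control = stack[pos][0]
    problems = []
    if control != "optional":
        problems.append(f"control is '{control}', the examples use 'optional'")
    if "pam_unix.so" not in names[:pos]:
        problems.append("pam_shield.so does not come after pam_unix.so")
    if "pam_deny.so" not in names[pos + 1:]:
        problems.append("pam_shield.so does not come before pam_deny.so")
    return problems

if __name__ == "__main__":
    print(check_pam_shield(SAMPLE_OK) or "matches the examples")
```

Keep a root shell open on the machine while editing /etc/pam.d/system-auth, since a broken stack can stop every user from logging in, as described above.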