Hello all
I would like to disable PAM authentication in my test server running Centos5.1.
Currently I get an error that states:
"Feb 22 02:01:31 localhost login: pam_securetty(login:auth): access denied: tty 'tty1' is not secure !"
I would like to DISABLE the PAM authentication; am unable to get the answer after googl'ing for hours; if anyone is familiar on how to do this: please advise. I am quite new to the intricacies of this OS; please bear the naive questions.
vincenzo romero wrote:
I would like to DISABLE the PAM authentication; am unable to get the answer after googl'ing for hours; if anyone is familiar on how to do this: please advise. I am quite new to the intricacies of this OS; please bear the naive questions.
Since your quite new, may I ask what is the reason behind wanting to disable PAM ? I can't imagine any reason why someone would want to do that. But I'm sure there is some reason out there..
Just curious.
nate
Hello Nate,
1. It is just for my lab - deploying a few hundred servers for testing purposes - we are not concerned over security.
2. It's because I'm trying to get Root-NFS to diskless workstation running; and this is my latest challenge and struggle after having PXE/TFTPd and DHCPd running and working on my buildserver.
I am basically trying to eliminate all possible issues; so I can get a grip on creating a Root-NFS diskless workstation environment for the lab.
Since this is not a secure environment, would you be so kind to help me and let me know how to disable PAM? .. :)
thanks in advance,
- V.
On Fri, Feb 22, 2008 at 8:19 AM, nate centos@linuxpowered.net wrote:
vincenzo romero wrote:
I would like to DISABLE the PAM authentication; am unable to get the answer after googl'ing for hours; if anyone is familiar on how to do this: please advise. I am quite new to the intricacies of this OS; please bear the naive questions.
Since your quite new, may I ask what is the reason behind wanting to disable PAM ? I can't imagine any reason why someone would want to do that. But I'm sure there is some reason out there..
Just curious.
nate
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
vincenzo romero wrote:
Hello Nate,
Hi!
Since this is not a secure environment, would you be so kind to help me and let me know how to disable PAM? .. :)
If I knew off the top of my head of course I would reveal how. I've never investigated the topic. Sounds like you have so sorry I can't help at this point.
So you basically want the system to boot up to a shell and not prompt for a username/password? I'm still unclear on what disabling PAM will get you. Is it causing a particular problem? I mean there are other ways you can boot directly to a shell without authentication. If your using X11, you can configure GDM/KDM to automatically login without authentication.
8+ years ago PAM was a lot more clunky, less integrated and potentially more problematic. Today it seems really mature, stable, integrated, etc.
nate
On Fri, Feb 22, 2008 at 08:16:15AM -0800, vincenzo romero wrote:
Hello all
I would like to disable PAM authentication in my test server running Centos5.1.
You can't. PAM is compiled into the authentication programs. Without PAM you'd never be able to login at all! It's PAM that actually checks your password etc etc etc.
"Feb 22 02:01:31 localhost login: pam_securetty(login:auth): access denied: tty 'tty1' is not secure !"
This normally means you're trying to login as "root" but the terminal you're using is not listed in /etc/securetty
Two solutions: 1) Add tty1 to /etc/securetty OR 2) comment out the pam_securetty lines in /etc/pam.d/* files ( maybe only /etc/pam.d/login and /etc/pam.d/remote )
I'd recommend solution "1" myself.
Hello thanks for the reply:
answers inline:
You can't. PAM is compiled into the authentication programs. Without PAM you'd never be able to login at all! It's PAM that actually checks your password etc etc etc.
ok ....
This normally means you're trying to login as "root" but the terminal you're using is not listed in /etc/securetty
yes, and i'd like to login as root unsecurely ... but I also tried with a regular user, to no avail ....
i tried regular user and i tried root ...
Feb 21 09:06:48 localhost login: pam_securetty(login:auth): access denied: tty 'tty1' is not secure ! Feb 21 09:06:51 localhost login: FAILED LOGIN 2 FROM (null) FOR root, Authentication failure Feb 21 09:06:57 localhost login: FAILED LOGIN 3 FROM (null) FOR sofia, Authentication failure Feb 21 09:06:58 localhost login: pam_securetty(login:auth): access denied: tty 'tty1' is not secure !
Two solutions:
- Add tty1 to /etc/securetty
OR
all tty1's were added to securetty file:
vc/1 vc/2 vc/3 vc/4 vc/5 vc/6 vc/7 vc/8 vc/9 vc/10 vc/11 tty1 tty2 tty3 tty4 tty5 tty6 tty7 tty8 tty9 tty10 tty11
still symptom persists.
- comment out the pam_securetty lines in /etc/pam.d/* files ( maybe only /etc/pam.d/login and /etc/pam.d/remote )
i'll try that ...
Try this:
1. Copy /etc/pam.d to /etc/pam.d.save 2. Delete all files in /etc/pam.d 3. Create vi /etc/pam.d/other with the following contents:
======================================= auth sufficient pam_permit.so account sufficient pam_permit.so password sufficient pam_permit.so session sufficient pam_permit.so =======================================
4. Attempt to log in
this is great - however one question in Step 3:
i vi what file?
vi /etc/pam.d/ <what_config_file> ??
or did you mean for me to create a file: /etc/pam.conf file and add the contents you mention below?
auth sufficient pam_permit.so
account sufficient pam_permit.so password sufficient pam_permit.so session sufficient pam_permit.so
On Fri, Feb 22, 2008 at 9:45 AM, Barry Brimer lists@brimer.org wrote:
Try this:
- Copy /etc/pam.d to /etc/pam.d.save
- Delete all files in /etc/pam.d
- Create vi /etc/pam.d/other with the following contents:
======================================= auth sufficient pam_permit.so account sufficient pam_permit.so password sufficient pam_permit.so session sufficient pam_permit.so =======================================
- Attempt to log in
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Quoting vincenzo romero new2xen@gmail.com:
this is great - however one question in Step 3:
i vi what file?
vi /etc/pam.d/ <what_config_file> ??
or did you mean for me to create a file: /etc/pam.conf file and add the contents you mention below?
auth sufficient pam_permit.so
account sufficient pam_permit.so password sufficient pam_permit.so session sufficient pam_permit.so
On Fri, Feb 22, 2008 at 9:45 AM, Barry Brimer lists@brimer.org wrote:
Try this:
- Copy /etc/pam.d to /etc/pam.d.save
- Delete all files in /etc/pam.d
- Create vi /etc/pam.d/other with the following contents:
======================================= auth sufficient pam_permit.so account sufficient pam_permit.so password sufficient pam_permit.so session sufficient pam_permit.so =======================================
- Attempt to log in
Sorry. Step 3 involves creating a file literally named "/etc/pam.d/other" with the contents listed above. The ==== lines are not part of the file, but to indicate the beginning and ending of the file in this email.
Barry
oh cooooooooooool!
thanks ... i'm in .. now to figure out why my NFS-Root is a mess ..
thank you sooooooooooooo much!
- V
On Fri, Feb 22, 2008 at 10:11 AM, Barry Brimer lists@brimer.org wrote:
Quoting vincenzo romero new2xen@gmail.com:
this is great - however one question in Step 3:
i vi what file?
vi /etc/pam.d/ <what_config_file> ??
or did you mean for me to create a file: /etc/pam.conf file and add the contents you mention below?
auth sufficient pam_permit.so
account sufficient pam_permit.so password sufficient pam_permit.so session sufficient pam_permit.so
On Fri, Feb 22, 2008 at 9:45 AM, Barry Brimer lists@brimer.org wrote:
Try this:
- Copy /etc/pam.d to /etc/pam.d.save
- Delete all files in /etc/pam.d
- Create vi /etc/pam.d/other with the following contents:
======================================= auth sufficient pam_permit.so account sufficient pam_permit.so password sufficient pam_permit.so session sufficient pam_permit.so =======================================
- Attempt to log in
Sorry. Step 3 involves creating a file literally named "/etc/pam.d/other" with the contents listed above. The ==== lines are not part of the file, but to indicate the beginning and ending of the file in this email.
Barry
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-
Barry Brimer -
nate -
Stephen Harris -
vincenzo romero