On Tue, 2010-08-24 at 14:56 -0400, Rob Kampen wrote: > No my server is 32 bit and I think there were no seg faults in > actuality > - the pam_shield module was causing a ?? response to su and sudo auth > requests and they reported segmentation error - nothing in the logs - > I assume that it had somehow locked my account and thus all auth > requests to pam were being dumped. It also appeared to do the same to > the login prompt on the console - any user entered just went back to > the the login prompt no request for the password, > I have thus commented out the auth line I added yesterday until I work > out what went wrong. > I am wondering if I entered the auth line in the wrong place?? > Anyone know where it should go? > The instructions from the INSTALL file in the tar.gz that I used was > not centos / rh specific. > HTH Rob A pam_shield-related login failure happened to me once and fixing system-auth cured it. It happened too long ago to remember the details, but I think the failure was on centos 4. The thing that sticks in my mind was the inability of any user to login from a console. Here are the examples you requested. Centos 4 example (64-bit): # cat /etc/pam.d/system-auth ... auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok # auth optional /lib64/security/pam_shield.so # auth required /lib/security/$ISA/pam_deny.so ... Centos 5 example: # cat /etc/pam.d/system-auth ... auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass # auth optional pam_shield.so # auth requisite pam_succeed_if.so uid >= 500 quiet auth required pam_deny.so ... rhel6-beta2 example: ... # cat /etc/pam.d/system-auth ... auth required pam_env.so auth sufficient pam_fprintd.so auth sufficient pam_unix.so nullok try_first_pass # auth optional pam_shield.so # auth requisite pam_succeed_if.so uid >= 500 quiet auth required pam_deny.so ... Steve