Bug 180943

Summary: Cannot login on system's console
Product: Red Hat Enterprise Linux 4 Reporter: Jason Martens <me>
Component: pamAssignee: Tomas Mraz <tmraz>
Status: CLOSED NOTABUG QA Contact: Jay Turner <jturner>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.0CC: srevivo
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-02-13 15:24:50 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jason Martens 2006-02-10 17:20:16 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20051224 Debian/1.5.dfsg-3 Firefox/1.5

Description of problem:
When attempting to log in to the system's console, I get the following error messages:

Feb 10 04:31:46 hostname login: PAM unable to resolve symbol: pam_sm_authenticate
Feb 10 04:31:46 hostname login: PAM unable to resolve symbol: pam_sm_setcred
Feb 10 04:31:53 hostname login: FAILED LOGIN SESSION FROM (null) FOR root, Module is unknown

This only happens from the console. I am able to log in via ssh without a problem using publickey and username/password.

Version-Release number of selected component (if applicable):
pam-0.77-66.13

How reproducible:
Always

Steps to Reproduce:
1. Attempt to login to the console as root.

Actual Results:  I receive the error messages listed and the hostname login: prompt returns.

Expected Results:  I should have been authenticated.

Additional info:

I disabled the RPC services on this system, but I tried manually starting them, and it had no effect.

Comment 1 Tomas Mraz 2006-02-13 07:39:54 UTC
What contains /etc/pam.d/login and /etc/pam.d/system-auth?


Comment 2 Jason Martens 2006-02-13 15:12:13 UTC
[root@server ~]# cat /etc/pam.d/login
#%PAM-1.0
auth       required     pam_securetty.so
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
auth       required     pam_limits.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_stack.so service=system-auth
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should be the last session rule
session    required     pam_selinux.so multiple open
[root@server ~]# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     required      /lib/security/$ISA/pam_permit.so

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5
shadow
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so


Note, selinux is in warn mode only.

Comment 3 Tomas Mraz 2006-02-13 15:24:50 UTC
This is misconfiguration, pam_limits.so cannot be used in auth phase.


Comment 4 Jason Martens 2006-02-13 16:35:56 UTC
Hmm, ok. After removing pam_limits.so from /etc/pam.d/login, I was able to log
in again.  I guess the question is just how it got there in the first place, as
I'm pretty sure I did not put it there myself.  For future reference, the only
non-redhat thing that I've installed is Oracle 10g.  Maybe that added it at some
point.