Red Hat Bugzilla – Bug 11201
PAM won't accept root's password
Last modified: 2007-04-18 12:26:54 EDT
After installing Red Hat 6.2 PAM worked just fine. For instance, as a
normal user I could start up the up2date program and I would then be
prompted for root's password. I would enter root's password and it would
then bring up the program.
The problem came immediately after upgrading my kernel with Red Hat's new
kernel listed in its errata page. I just used rpm -Uvh to upgrade the
kernel (I was being brave) and after the upgrade PAM stopped working
correctly. Now as a normal user if I try to bring up the up2date
program PAM prompts me with the password box but after I type in root's
password the password box goes away and no program is loaded. I've tried
this over and over again with different programs and making sure I type in
root's password correctly but it never works.
I've looked through a lot of documentation on PAM and I couldn't find any
reference to this problem or any type of setting that may have changed that
would cause this.
I forgot to add this about my problem with PAM on Red Hat 6.2.
I added the debug argument to one of my PAM programs (up2date) and got the
following error messages when I tried to run up2date as a normal user and then
typed in root's password when PAM prompted me:
May 4 14:16:41 panaka pam_xauth: call_xauth: setuid to 500
for /usr/X11R6/bin/xauth with incoming (null)
May 4 14:16:41 panaka pam_xauth: _pam_xauth: xauth missing display
May 4 14:16:41 panaka pam_xauth: _args_init: getlogin failed
I hope this helps. Again, I made absolutely sure I was typing in the right
password each time I tried this.
assigned to nalin
Sounds like your naming service setup has gotten a little messed up. Do the
"getent passwd root" and "getent passwd <yourlogin>" commands return any
results? What are the contents of the PAM configuration file for up2date
(/etc/pam.d/up2date)? Are you still able to use other programs that prompt for
the root password?
su - root is completely broken on two of our systems, (RH6.2) independently on
the same day.
We don't use NIS but we do use shadowing. We have upgraded the package to
Pam-0.72-20 and made changes to the configuration files after reading through
the documentation. We have checked that the various allow/deny files are
correct and that passwd and shadow are correct.
As far as we can see this is bug present in recent versions of this package and
not a configuration issue.
We are Solaris S/A's looking to farm out some of our low end services to Linux
but this is a real show stopper.
Is this sort of problem common to Linux or is it particular to the RedHat
distribution? Is RedHat more of an alternative to windows than a real choice
for production systems? Is there a distribution which is more robust?
Which configuration files were changed? I'm not aware that any of them would
have required altering in concert with the PAM package update. The kernel
update should not have required modifications beyond the /etc/lilo.conf file
used by the kernel loader.
Closing out due to bit-rot.