The authconfig tool is used to enable LDAP support. If the LDAP server is down or inaccessible, it is impossible to log into the box, even from the console. Backup LDAP servers are not an option, as there is no guarantee that the network between the backup LDAP server and the box will be operational. In our case, the LDAP server is in Johannesburg, South Africa, and the client machine is in San Antonio in Texas, so dropping to single mode to fix a downed LDAP server is not an option. The following fix solves the problem. Add an additional line to system-auth marked with "<--" like so: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so account sufficient /lib/security/$ISA/pam_localuser.so <-- account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so This allows the system to fall back on /etc/passwd should the LDAP server be dead for any reason.
Changing product and version.
*** This bug has been marked as a duplicate of 55193 ***