Bug 180943 - Cannot login on system's console
Summary: Cannot login on system's console
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: pam (Show other bugs)
(Show other bugs)
Version: 4.0
Hardware: x86_64 Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Tomas Mraz
QA Contact: Jay Turner
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-02-10 17:20 UTC by Jason Martens
Modified: 2015-01-08 00:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-02-13 15:24:50 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Jason Martens 2006-02-10 17:20:16 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20051224 Debian/1.5.dfsg-3 Firefox/1.5

Description of problem:
When attempting to log in to the system's console, I get the following error messages:

Feb 10 04:31:46 hostname login: PAM unable to resolve symbol: pam_sm_authenticate
Feb 10 04:31:46 hostname login: PAM unable to resolve symbol: pam_sm_setcred
Feb 10 04:31:53 hostname login: FAILED LOGIN SESSION FROM (null) FOR root, Module is unknown

This only happens from the console. I am able to log in via ssh without a problem using publickey and username/password.

Version-Release number of selected component (if applicable):
pam-0.77-66.13

How reproducible:
Always

Steps to Reproduce:
1. Attempt to login to the console as root.

Actual Results:  I receive the error messages listed and the hostname login: prompt returns.

Expected Results:  I should have been authenticated.

Additional info:

I disabled the RPC services on this system, but I tried manually starting them, and it had no effect.

Comment 1 Tomas Mraz 2006-02-13 07:39:54 UTC
What contains /etc/pam.d/login and /etc/pam.d/system-auth?


Comment 2 Jason Martens 2006-02-13 15:12:13 UTC
[root@server ~]# cat /etc/pam.d/login
#%PAM-1.0
auth       required     pam_securetty.so
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
auth       required     pam_limits.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_stack.so service=system-auth
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should be the last session rule
session    required     pam_selinux.so multiple open
[root@server ~]# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     required      /lib/security/$ISA/pam_permit.so

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5
shadow
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so


Note, selinux is in warn mode only.

Comment 3 Tomas Mraz 2006-02-13 15:24:50 UTC
This is misconfiguration, pam_limits.so cannot be used in auth phase.


Comment 4 Jason Martens 2006-02-13 16:35:56 UTC
Hmm, ok. After removing pam_limits.so from /etc/pam.d/login, I was able to log
in again.  I guess the question is just how it got there in the first place, as
I'm pretty sure I did not put it there myself.  For future reference, the only
non-redhat thing that I've installed is Oracle 10g.  Maybe that added it at some
point.


Note You need to log in before you can comment on or make changes to this bug.