Red Hat Bugzilla – Bug 180943
Cannot login on system's console
Last modified: 2015-01-07 19:11:33 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20051224 Debian/1.5.dfsg-3 Firefox/1.5
Description of problem:
When attempting to log in to the system's console, I get the following error messages:
Feb 10 04:31:46 hostname login: PAM unable to resolve symbol: pam_sm_authenticate
Feb 10 04:31:46 hostname login: PAM unable to resolve symbol: pam_sm_setcred
Feb 10 04:31:53 hostname login: FAILED LOGIN SESSION FROM (null) FOR root, Module is unknown
This only happens from the console. I am able to log in via ssh without a problem using publickey and username/password.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Attempt to login to the console as root.
Actual Results: I receive the error messages listed and the hostname login: prompt returns.
Expected Results: I should have been authenticated.
I disabled the RPC services on this system, but I tried manually starting them, and it had no effect.
What contains /etc/pam.d/login and /etc/pam.d/system-auth?
[root@server ~]# cat /etc/pam.d/login
auth required pam_securetty.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
auth required pam_limits.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_stack.so service=system-auth
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should be the last session rule
session required pam_selinux.so multiple open
[root@server ~]# cat /etc/pam.d/system-auth
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account required /lib/security/$ISA/pam_permit.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
Note, selinux is in warn mode only.
This is misconfiguration, pam_limits.so cannot be used in auth phase.
Hmm, ok. After removing pam_limits.so from /etc/pam.d/login, I was able to log
in again. I guess the question is just how it got there in the first place, as
I'm pretty sure I did not put it there myself. For future reference, the only
non-redhat thing that I've installed is Oracle 10g. Maybe that added it at some