Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 180943 - Cannot login on system's console
Cannot login on system's console
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: pam (Show other bugs)
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Jay Turner
Depends On:
  Show dependency treegraph
Reported: 2006-02-10 12:20 EST by Jason Martens
Modified: 2015-01-07 19:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-02-13 10:24:50 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jason Martens 2006-02-10 12:20:16 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20051224 Debian/1.5.dfsg-3 Firefox/1.5

Description of problem:
When attempting to log in to the system's console, I get the following error messages:

Feb 10 04:31:46 hostname login: PAM unable to resolve symbol: pam_sm_authenticate
Feb 10 04:31:46 hostname login: PAM unable to resolve symbol: pam_sm_setcred
Feb 10 04:31:53 hostname login: FAILED LOGIN SESSION FROM (null) FOR root, Module is unknown

This only happens from the console. I am able to log in via ssh without a problem using publickey and username/password.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Attempt to login to the console as root.

Actual Results:  I receive the error messages listed and the hostname login: prompt returns.

Expected Results:  I should have been authenticated.

Additional info:

I disabled the RPC services on this system, but I tried manually starting them, and it had no effect.
Comment 1 Tomas Mraz 2006-02-13 02:39:54 EST
What contains /etc/pam.d/login and /etc/pam.d/system-auth?
Comment 2 Jason Martens 2006-02-13 10:12:13 EST
[root@server ~]# cat /etc/pam.d/login
auth       required     pam_securetty.so
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
auth       required     pam_limits.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_stack.so service=system-auth
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should be the last session rule
session    required     pam_selinux.so multiple open
[root@server ~]# cat /etc/pam.d/system-auth
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     required      /lib/security/$ISA/pam_permit.so

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so

Note, selinux is in warn mode only.
Comment 3 Tomas Mraz 2006-02-13 10:24:50 EST
This is misconfiguration, pam_limits.so cannot be used in auth phase.
Comment 4 Jason Martens 2006-02-13 11:35:56 EST
Hmm, ok. After removing pam_limits.so from /etc/pam.d/login, I was able to log
in again.  I guess the question is just how it got there in the first place, as
I'm pretty sure I did not put it there myself.  For future reference, the only
non-redhat thing that I've installed is Oracle 10g.  Maybe that added it at some

Note You need to log in before you can comment on or make changes to this bug.