Bug 220124 - LSPP: Cannot log into the system after a kickstart install
LSPP: Cannot log into the system after a kickstart install
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: basesystem (Show other bugs)
s390x Linux
medium Severity high
: ---
: ---
Assigned To: Phil Knirsch
Depends On:
  Show dependency treegraph
Reported: 2006-12-18 19:21 EST by Kylene J Hall
Modified: 2015-03-04 20:18 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-12-19 14:38:34 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Kickstart used to create the issue. (12.96 KB, text/plain)
2006-12-18 19:21 EST, Kylene J Hall
no flags Details

  None (edit)
Description Kylene J Hall 2006-12-18 19:21:21 EST
Description of problem:
Unable to login to the system after installing with Klaus's lspp kickstart file.
 The error is (via the x3270 console): 
Cannot make/remove an entry for the specified session 
Via ssh it just looks like you are entering the wrong password as you are
prompted 3 times and then the session terminates.
I have tried the install 3 times with the same result each time.

Version-Release number of selected component (if applicable):
The attempted install is of snapshot 3 from 12/7

How reproducible:
Everytime I install.  Attempted install as root and as a user.

Steps to Reproduce:
1. Install with attached kickstart
2. Attempt to login to the system after reboot
Actual results:
Login denied with the following msg:
Cannot make/remove an entry for the specified session  

Expected results:
Able to login to the system.

Additional info:
The last time I installed I double checked in another window that the issue
wasn't a full disk.  Here were the results just before rebooting:
sh-3.1# df -h
Filesystem                Size      Used Available Use% Mounted on
none                    249.7M      4.0k    249.7M   0% /dev
/tmp/loop0               37.6M     37.6M         0 100% /mnt/runtime
/dev/VolGroup01/LvRoot      1.8G      1.1G    580.9M  66% /mnt/sysimage

Also I reset the audit policy so that all full disk actions, etc are ignored
(since I am working with very limited space):
num_logs = 4
dispatcher = /sbin/audispd
DISP_qos = lossy
max_log_file = 8
max_log_file_action = KEEP_LOGS
space_left = 75
space_left_action = IGNORE
action_mail_acct = root
admin_space_left = 50

# Configure how the system will treat disk space exhaustion.
# The action "SUSPEND" discards audit records if space is exhausted.
# The fail-safe setting is to switch to single-user mode.

#admin_space_left_action = SUSPEND
admin_space_left_action = IGNORE

#disk_full_action = SUSPEND
disk_full_action = IGNORE

#disk_error_action = SUSPEND
disk_error_action = IGNORE
Comment 1 Kylene J Hall 2006-12-18 19:21:21 EST
Created attachment 143969 [details]
Kickstart used to create the issue.
Comment 2 Kylene J Hall 2006-12-18 21:37:15 EST
FYI: I tried an install again with Klaus's latest release of the lspp rpm.  This
time I noticed that the kickstart attempts to make sure that the service
irqbalance will be running in runlevel 3 however no such service exists.  On
other platforms this is a part of the irqbalance package which does not exist
for this build of s390x I don't know if that is intentional or not, and if not
intentional if it could be affecting this but thought I would add the information.
Comment 3 Kylene J Hall 2006-12-18 21:39:17 EST
Requested info from Klaus: this affects both console (x3270) and ssh login.  I
cannot post the contents of any avc messages or logs because I have no way to
log into the machine at all.
Comment 4 Kylene J Hall 2006-12-18 23:38:01 EST
Sorry I forgot to mention, this also does not work with enforcing=0
Comment 5 Steve Grubb 2006-12-19 09:31:03 EST
You might need to start the machine in single user mode to get to the logs. We
need to see the logs to figure out the problem. To start in single user, when
the grub menu comes up, press "e" to edit, go to the kernel line and press "e"
again, add a "S" to the end of the line, press "enter", then type "b" to boot.
Comment 6 Klaus Weidner 2006-12-19 13:31:11 EST
Unfortunately the s390/Series Z machines use the "zipl" boot loader which (last
time I used it) did not support any mechanism at all to supply arguments at boot
time :-(

I've asked Kylie to edit /etc/selinux/config from a rescue Linux system, or in a
shell escape during the postinstall phase of the installation, and to try
removing polyinstantiation and the require_auditd"loginuid option in the
/etc/pam.d/* entries. Since she's out today, I'll see if I can access the machine.
Comment 7 Klaus Weidner 2006-12-19 14:22:55 EST
I found the problem, the system had pam- installed (from the
latest RHEL5 snapshot), but the current kickstart script requires a newer PAM
library that supports the "level" keyword in /etc/security/namespace.conf. (This
is documented as a prerequisite for the ks script.)

From /var/log/secure :
Dec 19 13:03:36 rheal3a login: pam_namespace(login:session): Parsing config file
Dec 19 13:03:36 rheal3a login: pam_namespace(login:session): Illegal method  
Dec 19 13:03:36 rheal3a login: pam_namespace(login:session): Error processing
conf file line /tmp  
Dec 19 13:03:36 rheal3a login: Cannot make/remove an entry for the specified

Please close the bug, the login failure was due to the incompatible packages.
Comment 8 Steve Grubb 2006-12-19 14:38:34 EST
Closing bug as requested.

Note You need to log in before you can comment on or make changes to this bug.