Re: PAM authentication problem

From: Hugo Chasqueira (hchasqueira@netcabo.pt)
Date: 03/24/03

  • Next message: Casper Dik: "Re: Better Syslog server"
    From: Hugo Chasqueira <hchasqueira@netcabo.pt>
    To: "Adam H. Pendleton" <fmonkey@fmonkey.net>
    Date: Mon, 24 Mar 2003 20:34:08 +0000
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Adam H. Pendleton escreveu:
    > I am having a problem with my Solaris 8 box, which seems related to PAM,
    > but it somewhat peculiar/troubling. I am able to login to the box via
    > telnet without a problem, but when I try to su to root, I get the
    > following:
    >
    > Mar 19 11:01:40 boromir su: [ID 308033 auth.debug] pam_acct_mgmt: error Get
    > new authentication token
    > Mar 19 11:01:40 boromir su: [ID 810491 auth.crit] 'su root' failed for root
    > on /dev/pts/2

    I had a similar problem with the same message, though i was using ssh.

    The problem was that the account had an expired password. I changed the
    password for that account and it worked again.

    - --
    Hugo Chasqueira

    PGP Key:
    http://search.keyserver.net:11371/pks/lookup?op=get&search=0x8BD14B82
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)

    iD8DBQE+f2vBjFeRi4vRS4IRArtnAJ44xl1hHISUCU6u7hNmrkZ3a3xyKwCghIK8
    uiyg1aESvBg6U2c/b4jEm5Q=
    =hwp+
    -----END PGP SIGNATURE-----


  • Next message: Casper Dik: "Re: Better Syslog server"

    Relevant Pages

    • [UNIX] QPopper in Conjunction with PAM Allows Account Verification
      ... QPopper in Conjunction with PAM Allows Account Verification ...
      (Securiteam)
    • Re: Tacacs and OpenSSH
      ... "Also make sure you do have a local user account and it is not locked. ... You must need a local account even though the authentication is done ... I am trying to have sshd use the local account as defined on the TACACS server. ... So my TACACS pam is getting called with the incoming user. ...
      (SSH)
    • Re: password expiration
      ... Also a user account can be configured to be exempt from ... access to a VPN and change their expired password when prompted to. ... cached credentials is to change their expired password and then right away ... > We have several WinXP notebook users in our Win2000 AD domain. ...
      (microsoft.public.win2000.security)
    • Re: How restrict network login on AIX for everything BUT SSH? (RLOGIN=FALSE & loginrestrictions
      ... Unfortunately I WANT to disable telnet, rsh, rlogin etc for an account, ... BUT keep SSH enabled. ... However in Aix v5.3 full ... pam support was added, and our LAM module broke and we have been unable ...
      (comp.security.ssh)
    • Re: Tacacs and OpenSSH
      ... So my TACACS pam is getting called with the incoming user. ... Then restart sshd. ... Also make sure you do have a local user account and it is not locked. ... >> contacts the TACACS server. ...
      (SSH)