From: Sun Manager (sunmngrs@mzserver.com)
Date: Fri Apr 23 2004 - 12:13:26 EDT
Hello Everyone,
I have been receiving a very strange error message the last few
weeks, I believe after I installed the latest patch cluster. The
strange part is I think my PAM config is fine. In my /var/adm/messages,
I see:
Apr 22 14:25:51 hostname sshd[19874]: [ID 800047 auth.error] error: PAM:
Authentication failed for user from xxx.xxx.xxx.xxx
Apr 22 14:25:59 hostname sshd[19880]: [ID 230074 auth.error]
pam_unix_auth: NIS+ permissions require that the pam_dhkeys module is on
the PAM stack before pam_unix_auth
My /etc/pam.conf is:
#
#ident "@(#)pam.conf 1.14 99/09/16 SMI"
#
# Copyright (c) 1996-1999, Sun Microsystems, Inc.
# All Rights Reserved.
#
# PAM configuration
#
# Authentication management
#
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
#
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_auth.so.1
#
dtlogin auth requisite pam_authtok_get.so.1
dtlogin auth required pam_dhkeys.so.1
dtlogin auth required pam_unix_auth.so.1
#
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_auth.so.1
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_auth.so.1
#
# Account management
#
login account requisite pam_roles.so.1
login account required pam_unix_account.so.1
#
dtlogin account requisite pam_roles.so.1
dtlogin account required pam_unix_account.so.1
#
other account requisite pam_roles.so.1
other account required pam_unix_account.so.1
#
# Session management
#
other session required pam_unix_session.so.1
#
# Password management
#
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1
dtsession auth requisite pam_authtok_get.so.1
dtsession auth required pam_dhkeys.so.1
dtsession auth required pam_unix_auth.so.1
#
# Support for Kerberos V5 authentication (uncomment to use Kerberos) #
#rlogin auth optional pam_krb5.so.1 try_first_pass
#login auth optional pam_krb5.so.1 try_first_pass
#dtlogin auth optional pam_krb5.so.1 try_first_pass
#other auth optional pam_krb5.so.1 try_first_pass
#dtlogin account optional pam_krb5.so.1
#other account optional pam_krb5.so.1
#other session optional pam_krb5.so.1
#other password optional pam_krb5.so.1 try_first_pass
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_unix_auth.so.1
ppp auth required pam_dial_auth.so.1
ppp account requisite pam_roles.so.1
ppp account required pam_projects.so.1
ppp account required pam_unix_account.so.1
ppp session required pam_unix_session.so.1
passwd auth required pam_passwd_auth.so.1
cron account required pam_unix_account.so.1
#cron account optional pam_krb5.so.1
Any ideas?
Thanks in advance,
Michael
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:28:31 EDT