login always fails after first failed attempt, libgcrypt warning

flesh75 · 01-16-2015, 01:28 PM

Some notes first, may be related to the problem
- I am using PAM
- libgcrypt displays a warning about not being initialized by login

Why does login always fail after a first failed attempt ?

ReaperX7 · 01-16-2015, 05:07 PM

Which build of B/LFS are you using, are you using the book defaults, and did you rebuild shadow and cracklib for PAM support?

flesh75 · 01-16-2015, 09:43 PM

I am using LFS 7.5. I followed the book but added some packages from BLFS. I rebuilt libcrack and shadow using PAM. My /etc/pam.d/login file looks like :

# Begin /etc/pam.d/login

# Set failure delay before next prompt to 3 seconds
auth optional pam_faildelay.so delay=3000000

# Check to make sure that the user is allowed to login
auth requisite pam_nologin.so

# Check to make sure that root is allowed to login
# Disabled by default. You will need to create /etc/securetty
# file for this module to function. See man 5 securetty.
#auth required pam_securetty.so

# Additional group memberships - disabled by default
#auth optional pam_group.so

# include the default auth settings
auth include system-auth

# check access for the user
account required pam_access.so

# include the default account settings
account include system-account

# Set default environment variables for the user
session required pam_env.so

# Set resource limits for the user
session required pam_limits.so

# Display date of last login - Disabled by default
session optional pam_lastlog.so

# Display the message of the day - Disabled by default
session optional pam_motd.so

# Check user's mail - Disabled by default
#session optional pam_mail.so standard quiet

# include the default session and password settings
session include system-session
password include system-password

# End /etc/pam.d/login

ReaperX7 · 01-16-2015, 10:34 PM

One of many reasons I refuse to use PAM...

Are you trying to login as root or as a specific user?

veerain · 01-16-2015, 10:49 PM

You should see syslog messages. It outputs some meaningful messages so we can diagnose what's wrong. Also check your /etc/pam.d/*files. They may give exact reason for problem. Also read pam user guide available from same site you downloaded libPAM.

ReaperX7 · 01-16-2015, 10:56 PM

The PAM user guide is thorough but equally misleading and confusing as to what you might need.

The BLFS defaults are what you need to start from first, but first figuring out what account he's logging in from first is where we need to start from.

flesh75 · 01-17-2015, 08:23 AM

The username I use does not matter. It always behaves this way.

ReaperX7 · 01-17-2015, 05:33 PM

Hmmm... Okay let's try this. Start at the PAM section and redraft all of the configuration files for PAM, shadow, and any other BLFS packages that utilize PAM, and maybe even rebuild a few of the packages as needed. If this works, this should restore PAM back to a default setting for B/LFS.

Rebuild libgcrypt and reinstall it. Or see if an update is available in the latest book. Rebuild PAM if needed also.

Find your host's /etc/securetty file and copy it to /etc on your B/LFS partition. In the login configuration, enable the root login feature. Try logging in.

On your primary user account, try adding it to the wheel group. If you have sudo installed, make sure you set sudo's configuration as needed.

Reconfigure any usage of modules to use pam_unix.so. This is a universal access module and should allow unimpeded operation of packages. Use with care though and do this only for diagnostic purposes.

If all else fails, you may need to go back and remove PAM and rebuild any components using it to work without PAM and find out what happened. If you saved your preconfigured and cleaned sources this will help.

If from here you are at a loss, try asking on the BLFS mailing list. I don't use PAM myself as I often find it to be an annoyance that's better left out.