Can't login to root -- What protocols manage user login besides PAM?
Tracing the threads of this error, it appears as though some authentication is working because I was able to change the root password using `sudo`.
I don't know the authentication process for `authconfig` but this command works using the updated password for root. Does this sound like a failure within PAM? or could it be within another group of protocols? If it matters. I was working on my server remotely and shutdown via ssh, but I think a root account was still logged in at the server. When I rebooted the next day, root was borked. Below are the only log file to show any real sign of the problem in `/var/log/secure`. First attempt to login with root: Code:
Jul 26 09:38:49 mrwizard login: pam_unix(login:session): session opened for user root by LOGIN(uid=0) Code:
Jul 26 09:58:33 mrwizard su: pam_unix(su-l:session): session opened for user root by xtian(uid=0) Code:
Jul 26 09:59:32 mrwizard passwd: gkr-pam: couldn't update the 'login' keyring password: no old password was entered |
Off hand, it sounds like the root account is disabled. I know Ubuntu and derivs do this as a matter of course.
The easy work around is Code:
sudo bash |
I wish it was that simple. The machine is solely mine and the root account was working. The server is _mostly_ headless and I was doing some extensive reorganizing of my web server's files and directories. But after a reboot, Bonk! No root. No `su -`. Only sudo.
So, I think its best I figure out what's up, or risk losing all access... Also, tried the `#sudo bash` trick, but no go... Maybe if authentication for root was turned off? (pam_debug?) Thereby focusing solely on switching user accounts... |
Quote:
A few other things: Is the /root directory present? If so, what are the permissions? Check disk space & that all partitions are properly mounted. Post the pam configuration files concerning login - can't tell exactly which files right now, go for the names. |
Thank you for posting!
> Exactly what did you do? Maybe here something got screwed up, please tell us with as much detail as possible what you did. Not a lot really. Just started the server. Worked around a AMP tutorial to re-familiarize myself with the basic setup before I stared working on other things. Not installing anything. Just added the requested iptables for the server access. I just recall that I shut down from the remote without exiting the user account on the system (since its headless, I don't usually login from the actual system, but this time I did). >Is the /root directory present? Yes. >If so, what are the permissions? 550 /root <--------- that's right...? 700, 600, etc inside... > Check disk space & that all partitions are properly mounted. The system's fully operational. Its a RAID. If somethings not mounted all manner of flashing lights go off. Post the pam configuration files concerning login - can't tell exactly which files right now, go for the names.[/QUOTE] [xtian@mrwizard pam.d]$ cat password-auth Code:
#%PAM-1.0 Code:
#%PAM-1.0 Code:
[xtian@mrwizard pam.d]$ ls |
What distro are you running?
Is selinux in enforcing mode - check with "sestatus". If it says "enforcing", change with "sudo setenforce 0". I found some other discussions with rather similar problems, have a look: https://mail.gnome.org/archives/comm.../msg04657.html https://bbs.archlinux.org/viewtopic.php?id=144783 |
> What distro are you running?
Sorry. I cross posted on the CentOS site and guess I omitted this--CentOS 6.5 > Is selinux in enforcing mode? No. I turned it off for troubleshooting another issue. I'm going to look at those other links and post back... |
Yeah. This problem still persists. Seems circumstance is forcing the issue of system maintenance via sudo.
I'm not using Gnome, but KDE. This bug should not apply. |
and you have not reinstalled cent in over 2 months ?
you did something in moving files around if you royally messed up the SE contexts in /hom/username then se might STOP that user or if files in / like /etc are messed up then se might stop a bootup Cent by default dose NOT use "sudo" you as the admin have to set that up if you understand the security risks -- that is why it is not set up use " su " or the VERY different command " su -" that "-" makes a very big difference it is the text shortcut for "su -l root" |
Quote:
|
All times are GMT -5. The time now is 06:53 AM. |