LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Cronjob: Could not authenticate PAM user ... Authentication failure (for root?!?) (https://www.linuxquestions.org/questions/linux-security-4/cronjob-could-not-authenticate-pam-user-authentication-failure-for-root-696038/)

JZL240I-U 01-09-2009 02:38 AM
Cronjob: Could not authenticate PAM user ... Authentication failure (for root?!?)
 
This is what /var/log/messages says:

Code:
Jan  8 17:37:00 wodenhof fcron[3026]: pam_warn(fcron:auth): function=[pam_sm_authenticate] service=[fcron] terminal=[<unknown>] user=[root] ruser=[<unknown>] rhost=[<unknown>]
Jan  8 17:37:00 wodenhof fcron[3026]: Could not authenticate PAM user for '/usr/bin/rsnapshot daily': Authentication failure
Jan  8 17:37:00 wodenhof fcron[3026]: Job '/usr/bin/rsnapshot daily' has *not* run.
Both fcron and fcrontab have the user "root" and the group "root" as has "rsnapshot".

I'm simply lost here. These are all root's programs, what is PAM doing, or rather what did I overlook?

JZL240I-U 01-12-2009 08:09 AM
Really nobody with any clue? :(

JZL240I-U 02-03-2009 06:49 AM
Okay, I found it out for myself and with the generous help of the original author:

PAM is an infrastructure for programs to use for authentication of programs quasi like logging on without user interference. The program in question (fcron in this case) looks for /etc/pam.conf or /etc/pam.d/<program>. In this file (only one is used, /etc/pam.conf will be disregarded when /etc/pam.d/ is present), the needed modules of (PAM) and their actions are defined.

I simply copied cron's PAM-file to /etc/pam.d/fcron and voilą ... bingo and fcron running its chores. Explanation: The maintainer of fcron wrote: "...since a few version fcron installs by default in /usr/local and not in / to make it more standard. Thus the pam configuration is probably installed in /usr/local/etc/ and not in /etc on your system, and I guess it is not applied because of that.

You can do something as "configure --sysconfdir=/etc" to change that."

That's exactly what had happened, I found a /usr/local/etc/pam.conf which I converted to /etc/pam.d/fcron (needs editing!) and that was that.

asim arora 10-25-2013 11:47 AM
Pam Authentication failure
 
I Am stuck up in same problem But In my case there is no fcron entry in pam.d directory . All fcron files and pam.conf file are there in /etc. I Got four files and one directory after installing.

Files
fcron.deny
fcron.conf
fcron.allow
pam.conf

Dir
pam.d

But no entry for fcron in this directory to copy conf file.

JZL240I-U 10-28-2013 02:42 AM
What is the exact error message and what are the contents of /etc/pam.conf and /etc/fcron.conf?

Telolen 03-12-2019 08:33 AM
same problem
 
Hello,

I would like try Fcron, but it's don't work. Installation done without error but tasks are not executed.

syslog error :

Code:
fcrontab[12528]: Could not authenticate user using PAM (4): System error
/etc/pam.d/fcrontab

Code:
#
# The PAM configuration file for fcrontab
#

# WARNING : you cannot use every modules here, as some
#          (such as pam_unix_acct.so) require the program to be run
#          by root or suid root, and fcrontab is *not* suid root.

# By default we do not ask user for a password
# (but fcrontab can do it, if you configure it to do so)
auth                sufficient        pam_permit.so
@include common-auth

# pam_unix.so seems to get very cross if you use it to do account
# management but didn't use it for auth.  Can't people write PAM
# modules right, for once?
#@include common-account
account                required        pam_permit.so
#account        required        pam_time.so

@include common-session
#session        required        pam_permit.so
/etc/pam.d/fcron

Code:
#
# The PAM configuration file for fcron daemon
#

# Warning: fcron has no way to prompt user for a password, so don't!
auth      required  pam_env.so
auth      required  pam_permit.so

@include common-account

@include common-session
# Sets up user limits, please define limits for cron tasks
# through /etc/security/limits.conf
session    required  pam_limits.so
#
#session  required  pam_permit.so
/etc/pam.conf

Code:
# ---------------------------------------------------------------------------#
# /etc/pam.conf                                                                    #
# ---------------------------------------------------------------------------#
#
# NOTE
# ----
#
# NOTE: Most program use a file under the /etc/pam.d/ directory to setup their
# PAM service modules. This file is used only if that directory does not exist.
# ---------------------------------------------------------------------------#

# Format:
# serv.        module          ctrl              module [path]        ...[args..]                    #
# name        type          flag                                                            #
I use Mint 19.1 and installed Fcron by : fcron_3.0.1-1_amd64.deb (archive.debian.org/debian/pool/main/f/fcron/), i already remove/purge anacron, installed exim4 exim4-base exim4-config exim4-daemon-light, chmod 644 /etc/fcron.conf.

Any idea?
Thank you.

Telolen 03-12-2019 08:48 AM
it's solve... when i wrote the post, i noticed i installed the version fcron_3.0.1-1_amd64.deb 2006-10-12 16:02 259K instead of the newest fcron_3.0.1-1.3_amd64.deb 2008-10-29 17:17 261K. i installed fcron_3.0.1-1.3_amd64.deb and now it's work ^^' done.

JZL240I-U 03-13-2019 07:40 AM
Okay, good. Sorry for coming late, I found your post(s) only now :).

But I think some (most? all?) features of fcron are now included in the normal cron (at least with openSUSE tumbleweed).

Telolen 03-13-2019 07:57 AM
oh? i'm not inform about an update of cron. personally i wanted to try Fcron for execute some scripts hourly/daily/montly at precises times (0h30 am, 4am) if the computer is on, or if computer off at these hours, start them when it's on. cron and anacron seemed incomplete.

JZL240I-U 03-14-2019 02:43 AM
Yeah, when I was home I checked the man pages. You are right, there is no change of cron I found, either. But. I use "backintime" for backups. The programm allows the user to automatically start a run after login. I presumed that was done with cron, after this I'm not sure anymore. As for the rest, SUSE has some subdirectories like cron.hourly or cron. weekly etc. which offer some functionality of fcron. If you want tight control, using fcron will be the better choice, I think.

Telolen 03-14-2019 03:05 AM
fine thx.

other thing, i check my syslog and see that

Code:
Mar 14 04:03:03 *** fcron[14989]: Job sh "/long/path.sh" >> "/long/path (truncated)
do you know how to have the complet line? not truncated. it's hidden possible errors.

JZL240I-U 03-14-2019 01:05 PM
No idea, sorry. Anybody else,please?


All times are GMT -5. The time now is 10:39 PM.