09-06-2007, 05:43 PM
#1
Member
Registered: Apr 2003
Location: Hastings, Hawkes Bay, NZ
Distribution: Ubuntu Gutsy Gibbon
Posts: 53
Pam Authentication problem
Hi all,
using Ubuntu Feisty 64, I tried my darnedest to get OpenLDAP server running with TLS on it; no dice. So I gave up after many days, and tried to set things back to normal for authentication. However, I cannot sudo any longer, as it comes up with:
sudo: pam_authenticate:Authentication information cannot be recovered
Which makes it nigh on impossible to do anything.
My nsswitch is back to compat, and the pam.d/common files are all factory standard too.
Help!

09-06-2007, 07:06 PM
#2
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,820
Well, the first place to look might be in a file like /etc/pam.d/sudo. (You might have to boot the machine from something like a Knoppix CD-ROM so that you can look at these files if you cannot log in normally as root.)
As described in man pam, these are the files that tell PAM how to resolve various kinds of authentication requests.
Maybe it's premature to give up quite yet, because I'll hazard a guess right now that what you're going to find in that file is some kind of rule that tells PAM to search for an LDAP server against which to authenticate the request. It's going to use pam_ldap to do that. (See: man pam_ldap et al.)
It may well be that the system is trying to authenticate against itself. A reasonable thing to do, but problematic if its own server is not working.
Commenting out a few entries in this file might radically change things (for the better).

09-06-2007, 10:45 PM
#3
Member
Registered: Apr 2003
Location: Hastings, Hawkes Bay, NZ
Distribution: Ubuntu Gutsy Gibbon
Posts: 53
Original Poster
Thanks for the reply, but the /etc/pam.d/sudo file is fine, just referencing the common-auth and common-account. I don't want it to look for LDAP anymore, only authenticating against itself, but cannot find any way of kicking it back into line.
I am able to log in as root by choosing the fix-up mode at grub, as I had given root a password much earlier.
Pam_ldap has been removed via aptitude.
Any other ideas?

09-07-2007, 07:32 AM
#4
Member
Registered: Apr 2003
Location: Hastings, Hawkes Bay, NZ
Distribution: Ubuntu Gutsy Gibbon
Posts: 53
Original Poster
Fixed!
In /etc/pam.d/common-auth the line as follows:
auth required pam_unix.so nullok_secure use_first_pass
needed the use_first_pass removed.
Able to do all that at command line, which is just as well, 'cos it's a RAID machine, and mounting those under a live cd is tricky.
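
Added example, not part of the thread: with use_first_pass, pam_unix reuses a password collected by an earlier module in the stack and never prompts, so once pam_ldap is gone from the stack the line in post #4 has nothing to reuse. The script below flags auth lines that carry use_first_pass with no earlier auth module in the same file. The function names and sample files are constructed for illustration, and @include lines are not followed.

```shell
#!/bin/sh
# Added example, not from the thread. Flags "auth" lines that carry
# use_first_pass although no earlier auth module in the same file could
# have collected a password. Heuristic: @include lines are not followed.

# check_pam_file FILE: print "FILE:LINE: text" per finding; status 1 if any.
check_pam_file() {
    awk -v f="$1" '
        BEGIN { bad = 0; seen = 0 }
        /^[ \t]*#/ || NF == 0 { next }            # comments and blank lines
        $1 == "auth" || $1 == "-auth" {
            for (i = 3; i <= NF; i++)
                if ($i == "use_first_pass" && seen == 0) {
                    printf "%s:%d: %s\n", f, FNR, $0
                    bad = 1
                }
            seen++                                # an auth module precedes later lines
        }
        END { exit bad }
    ' "$1"
}

# scan_pam_dir DIR: run the check on every regular file in DIR.
scan_pam_dir() {
    rc=0
    for p in "$1"/*; do
        [ -f "$p" ] || continue
        check_pam_file "$p" || rc=1
    done
    return "$rc"
}

# make_sample DIR: write constructed sample files (not real system files).
make_sample() {
    printf '%s\n' '# constructed: stack left behind after removing pam_ldap' \
        'auth required pam_unix.so nullok_secure use_first_pass' > "$1/common-auth.broken"
    printf '%s\n' 'auth required pam_unix.so nullok_secure' > "$1/common-auth.fixed"
    printf '%s\n' 'auth sufficient pam_ldap.so' \
        'auth required pam_unix.so nullok_secure use_first_pass' > "$1/common-auth.ldap"
}

# Demo on the constructed files; on a real host: scan_pam_dir /etc/pam.d
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
scan_pam_dir "$demo_dir" || echo "use_first_pass with no earlier auth module"
rm -rf "$demo_dir"
```

A finding in a file that is only ever pulled in through @include after another auth module may be a false positive; check the including file before editing.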

All times are GMT -5.