LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-06-2007, 05:43 PM   #1
combatwombat
Member
 
Registered: Apr 2003
Location: Hastings, Hawkes Bay, NZ
Distribution: Ubuntu Gutsy Gibbon
Posts: 53

Rep: Reputation: 15
Pam Authentication problem


Hi all,
using Ubuntu Feisty 64, I tried my darnedest to get OpenLDAP server running with TLS on it; no dice. So I gave up after many days, and tried to set things back to normal for authentication. However I cannot sudo any longer as it comes up:sudo: pam_authenticate:Authentication information cannot be recovered
Which makes it nigh on impossible to do anything.
My nsswitch is back to compat, and the pam.d/common files are all factory standard too.

Help!
 
Old 09-06-2007, 07:06 PM   #2
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,820
Blog Entries: 4

Rep: Reputation: 3984Reputation: 3984Reputation: 3984Reputation: 3984Reputation: 3984Reputation: 3984Reputation: 3984Reputation: 3984Reputation: 3984Reputation: 3984Reputation: 3984
Well, the first place to look might be in a file like /etc/pam.d/sudo. (You might have to boot the machine from something like a Knoppix CD-ROM so that you can look at these files if you cannot login normally as root.)

As described in man pam, these are the files that tell PAM how to resolve various kinds of authentication requests.

Maybe it's premature to give-up quite yet, because I'll hazard a guess right now that what you're going to find in that file is some kind of rule that tells PAM to search for an LDAP server against which to authenticate the request. It's going to use pam_ldap to do that. (See: man pam_ldap et al.)

It may well be that the system is trying to authenticate against itself. A reasonable thing to do, but problematic if its own server is not working.

Commenting-out a few entries in this file might radically change things (for the better).
 
Old 09-06-2007, 10:45 PM   #3
combatwombat
Member
 
Registered: Apr 2003
Location: Hastings, Hawkes Bay, NZ
Distribution: Ubuntu Gutsy Gibbon
Posts: 53

Original Poster
Rep: Reputation: 15
Thanks for the reply, but the /etc/pam.d/sudo file is fine, just referencing the common-auth and common-account. I don't want it to look for LDAP anymore, only authenticating against itself, but cannot find anyway of kicking it back into line.

I am able to login as root by choosing the fix-up mode at grub, as I had given root a password much earlier.

Pam_ldap has been removed via aptitude.

Any other ideas?
 
Old 09-07-2007, 07:32 AM   #4
combatwombat
Member
 
Registered: Apr 2003
Location: Hastings, Hawkes Bay, NZ
Distribution: Ubuntu Gutsy Gibbon
Posts: 53

Original Poster
Rep: Reputation: 15
Fixed!

In /etc/pam.d/common-auth the line as follows:
auth required pam_unix.so nullok_secure use_first_pass
needed the the use first pass removed.
Able to do all that at command line, which is just as well, 'cos it's a RAID machine, and mounting those under a live cd is tricky.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
pam radius authentication danieldinu Linux - Security 2 07-17-2009 01:56 PM
rsh problem - PAM authentication failed for in.rlogind davey123 Linux - Security 0 12-05-2005 11:24 AM
pam and ldap authentication problem abrb220 Linux - Networking 2 07-31-2005 03:49 PM
PAM/Kerberos authentication problem hmartin216 Linux - Security 2 03-11-2005 09:28 PM
PAM authentication failed qanopus Linux - Software 0 02-18-2004 02:26 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:01 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration