PAM Authentication Errors for one username. All other usernames log in properly
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
Red Hat Enterprise Linux 6.10 in VMWare virtual machine. We have several user accounts defined. One user account (user3) is unable to log in, either through SSH or the VMWare Console. It has logged in in the past, but for the last two days it has not been able to login. Other user accounts can log in with no issues.
The user's account is listed in /etc/passwd and /etc/shadow, and is not locked out. We created a new user, and that user logged in with no issues. The /etc/passwd entry shows a valid shell path (/bin/bash).
We deleted user3 and recreated the account. It still cannot log in. New accounts with any other name (usr3, user33, etc.) can log on. An account named user3 cannot log on.
If a new account gets the UID that user3 had, it can log in. If a new account named user3 has a different UID, it still cannot log in. Somewhere the display name 'user3' is locked out.
Running 'passwd user3' as root gives the following entries in /var/log/secure:
passwd: pam_unix(passwd:chauthtok): password changed for user3
passwd: gkr-pam: couldn't update the 'login' keyring password: no old password was entered
When we SSH in as user3, /var/log/secure shows:
sshd[21420]: error: PAM: Authentication failure for user3 from computer1
That's it. No other errors. Interestingly, when we intentionally enter an incorrect password, we see a differnt set of errors:
unix_chkpwd[21903]: password check failed for user (user3)
sshs[21745]pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=computer1 user=user3
sshd[21718]: error: PAM: Authentication failure for user3 from computer1
sshd[22121]: error: PAM: Authentication failure for illegal user user3 from computer3
It appears to me that PAM has a corrupt entry for 'user3' somewhere. I don't know PAM well enough to troubleshoot further.
I need to avoid any solutions that wipe/reset the entire PAM configuration, as I don't want to affect other user accounts. I'd appreciate any advice that can pinpoint the 'user3' name.
rhel pam
asked Sep 25 at 19:28
Bagheera
1041
add a comment |Â
up vote
0
down vote
favorite
Red Hat Enterprise Linux 6.10 in VMWare virtual machine. We have several user accounts defined. One user account (user3) is unable to log in, either through SSH or the VMWare Console. It has logged in in the past, but for the last two days it has not been able to login. Other user accounts can log in with no issues.
The user's account is listed in /etc/passwd and /etc/shadow, and is not locked out. We created a new user, and that user logged in with no issues. The /etc/passwd entry shows a valid shell path (/bin/bash).
We deleted user3 and recreated the account. It still cannot log in. New accounts with any other name (usr3, user33, etc.) can log on. An account named user3 cannot log on.
If a new account gets the UID that user3 had, it can log in. If a new account named user3 has a different UID, it still cannot log in. Somewhere the display name 'user3' is locked out.
Running 'passwd user3' as root gives the following entries in /var/log/secure:
passwd: pam_unix(passwd:chauthtok): password changed for user3
passwd: gkr-pam: couldn't update the 'login' keyring password: no old password was entered
When we SSH in as user3, /var/log/secure shows:
sshd[21420]: error: PAM: Authentication failure for user3 from computer1
That's it. No other errors. Interestingly, when we intentionally enter an incorrect password, we see a differnt set of errors:
unix_chkpwd[21903]: password check failed for user (user3)
sshs[21745]pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=computer1 user=user3
sshd[21718]: error: PAM: Authentication failure for user3 from computer1
sshd[22121]: error: PAM: Authentication failure for illegal user user3 from computer3
It appears to me that PAM has a corrupt entry for 'user3' somewhere. I don't know PAM well enough to troubleshoot further.
I need to avoid any solutions that wipe/reset the entire PAM configuration, as I don't want to affect other user accounts. I'd appreciate any advice that can pinpoint the 'user3' name.
rhel pam
asked Sep 25 at 19:28
Bagheera
1041
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
Red Hat Enterprise Linux 6.10 in VMWare virtual machine. We have several user accounts defined. One user account (user3) is unable to log in, either through SSH or the VMWare Console. It has logged in in the past, but for the last two days it has not been able to login. Other user accounts can log in with no issues.
The user's account is listed in /etc/passwd and /etc/shadow, and is not locked out. We created a new user, and that user logged in with no issues. The /etc/passwd entry shows a valid shell path (/bin/bash).
We deleted user3 and recreated the account. It still cannot log in. New accounts with any other name (usr3, user33, etc.) can log on. An account named user3 cannot log on.
If a new account gets the UID that user3 had, it can log in. If a new account named user3 has a different UID, it still cannot log in. Somewhere the display name 'user3' is locked out.
Running 'passwd user3' as root gives the following entries in /var/log/secure:
passwd: pam_unix(passwd:chauthtok): password changed for user3
passwd: gkr-pam: couldn't update the 'login' keyring password: no old password was entered
When we SSH in as user3, /var/log/secure shows:
sshd[21420]: error: PAM: Authentication failure for user3 from computer1
That's it. No other errors. Interestingly, when we intentionally enter an incorrect password, we see a differnt set of errors:
unix_chkpwd[21903]: password check failed for user (user3)
sshs[21745]pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=computer1 user=user3
sshd[21718]: error: PAM: Authentication failure for user3 from computer1
sshd[22121]: error: PAM: Authentication failure for illegal user user3 from computer3
It appears to me that PAM has a corrupt entry for 'user3' somewhere. I don't know PAM well enough to troubleshoot further.
I need to avoid any solutions that wipe/reset the entire PAM configuration, as I don't want to affect other user accounts. I'd appreciate any advice that can pinpoint the 'user3' name.
rhel pam
asked Sep 25 at 19:28
Bagheera
1041
Red Hat Enterprise Linux 6.10 in VMWare virtual machine. We have several user accounts defined. One user account (user3) is unable to log in, either through SSH or the VMWare Console. It has logged in in the past, but for the last two days it has not been able to login. Other user accounts can log in with no issues.
The user's account is listed in /etc/passwd and /etc/shadow, and is not locked out. We created a new user, and that user logged in with no issues. The /etc/passwd entry shows a valid shell path (/bin/bash).
We deleted user3 and recreated the account. It still cannot log in. New accounts with any other name (usr3, user33, etc.) can log on. An account named user3 cannot log on.
If a new account gets the UID that user3 had, it can log in. If a new account named user3 has a different UID, it still cannot log in. Somewhere the display name 'user3' is locked out.
Running 'passwd user3' as root gives the following entries in /var/log/secure:
passwd: pam_unix(passwd:chauthtok): password changed for user3
passwd: gkr-pam: couldn't update the 'login' keyring password: no old password was entered
When we SSH in as user3, /var/log/secure shows:
sshd[21420]: error: PAM: Authentication failure for user3 from computer1
That's it. No other errors. Interestingly, when we intentionally enter an incorrect password, we see a differnt set of errors:
unix_chkpwd[21903]: password check failed for user (user3)
sshs[21745]pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=computer1 user=user3
sshd[21718]: error: PAM: Authentication failure for user3 from computer1
sshd[22121]: error: PAM: Authentication failure for illegal user user3 from computer3
It appears to me that PAM has a corrupt entry for 'user3' somewhere. I don't know PAM well enough to troubleshoot further.
I need to avoid any solutions that wipe/reset the entire PAM configuration, as I don't want to affect other user accounts. I'd appreciate any advice that can pinpoint the 'user3' name.
rhel pam
rhel pam
asked Sep 25 at 19:28
Bagheera
1041
asked Sep 25 at 19:28
Bagheera
1041
asked Sep 25 at 19:28
Bagheera
1041
asked Sep 25 at 19:28
Bagheera
1041
asked Sep 25 at 19:28
Bagheera
1041
1041
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
0
down vote
The pam_tally2 module keeps a count of attempted accesses and can deny access if too many attempts fail. The manpages for this module have more information.
The specification of this module is in /etc/pam.d/login as, for example:
auth required pam_tally2.so deny=6
You can determine the error count for a user with:
pam_tally2 --user=<username>
You can reset the count with:
pam_tally2 --user=<username> --reset
answered Sep 25 at 20:58
JRFerguson
9,21532329
It's interesting that it shows 0 failures for user3. Even after intentionally entering the password incorrectly, pam_tally2 shows 0 failures.
– Bagheera
Sep 26 at 13:32
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
The pam_tally2 module keeps a count of attempted accesses and can deny access if too many attempts fail. The manpages for this module have more information.
The specification of this module is in /etc/pam.d/login as, for example:
auth required pam_tally2.so deny=6
You can determine the error count for a user with:
pam_tally2 --user=<username>
You can reset the count with:
pam_tally2 --user=<username> --reset
answered Sep 25 at 20:58
JRFerguson
9,21532329
It's interesting that it shows 0 failures for user3. Even after intentionally entering the password incorrectly, pam_tally2 shows 0 failures.
– Bagheera
Sep 26 at 13:32
add a comment |Â
up vote
0
down vote
The pam_tally2 module keeps a count of attempted accesses and can deny access if too many attempts fail. The manpages for this module have more information.
The specification of this module is in /etc/pam.d/login as, for example:
auth required pam_tally2.so deny=6
You can determine the error count for a user with:
pam_tally2 --user=<username>
You can reset the count with:
pam_tally2 --user=<username> --reset
answered Sep 25 at 20:58
JRFerguson
9,21532329
It's interesting that it shows 0 failures for user3. Even after intentionally entering the password incorrectly, pam_tally2 shows 0 failures.
– Bagheera
Sep 26 at 13:32
add a comment |Â
up vote
0
down vote
up vote
0
down vote
The pam_tally2 module keeps a count of attempted accesses and can deny access if too many attempts fail. The manpages for this module have more information.
The specification of this module is in /etc/pam.d/login as, for example:
auth required pam_tally2.so deny=6
You can determine the error count for a user with:
pam_tally2 --user=<username>
You can reset the count with:
pam_tally2 --user=<username> --reset
answered Sep 25 at 20:58
JRFerguson
9,21532329
The pam_tally2 module keeps a count of attempted accesses and can deny access if too many attempts fail. The manpages for this module have more information.
The specification of this module is in /etc/pam.d/login as, for example:
auth required pam_tally2.so deny=6
You can determine the error count for a user with:
pam_tally2 --user=<username>
You can reset the count with:
pam_tally2 --user=<username> --reset
answered Sep 25 at 20:58
JRFerguson
9,21532329
edited Sep 25 at 21:19
answered Sep 25 at 20:58
JRFerguson
9,21532329
answered Sep 25 at 20:58
JRFerguson
9,21532329
answered Sep 25 at 20:58
JRFerguson
9,21532329
9,21532329
It's interesting that it shows 0 failures for user3. Even after intentionally entering the password incorrectly, pam_tally2 shows 0 failures.
– Bagheera
Sep 26 at 13:32
add a comment |Â
It's interesting that it shows 0 failures for user3. Even after intentionally entering the password incorrectly, pam_tally2 shows 0 failures.
– Bagheera
Sep 26 at 13:32
It's interesting that it shows 0 failures for user3. Even after intentionally entering the password incorrectly, pam_tally2 shows 0 failures.
– Bagheera
Sep 26 at 13:32
It's interesting that it shows 0 failures for user3. Even after intentionally entering the password incorrectly, pam_tally2 shows 0 failures.
– Bagheera
Sep 26 at 13:32
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f471409%2fpam-authentication-errors-for-one-username-all-other-usernames-log-in-properly%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
