PAM Authentication Errors for one username. All other usernames log in properly

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












Red Hat Enterprise Linux 6.10 in VMWare virtual machine. We have several user accounts defined. One user account (user3) is unable to log in, either through SSH or the VMWare Console. It has logged in in the past, but for the last two days it has not been able to login. Other user accounts can log in with no issues.



The user's account is listed in /etc/passwd and /etc/shadow, and is not locked out. We created a new user, and that user logged in with no issues. The /etc/passwd entry shows a valid shell path (/bin/bash).



We deleted user3 and recreated the account. It still cannot log in. New accounts with any other name (usr3, user33, etc.) can log on. An account named user3 cannot log on.



If a new account gets the UID that user3 had, it can log in. If a new account named user3 has a different UID, it still cannot log in. Somewhere the display name 'user3' is locked out.



Running 'passwd user3' as root gives the following entries in /var/log/secure:



passwd: pam_unix(passwd:chauthtok): password changed for user3
passwd: gkr-pam: couldn't update the 'login' keyring password: no old password was entered


When we SSH in as user3, /var/log/secure shows:



sshd[21420]: error: PAM: Authentication failure for user3 from computer1


That's it. No other errors. Interestingly, when we intentionally enter an incorrect password, we see a differnt set of errors:



unix_chkpwd[21903]: password check failed for user (user3)
sshs[21745]pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=computer1 user=user3
sshd[21718]: error: PAM: Authentication failure for user3 from computer1
sshd[22121]: error: PAM: Authentication failure for illegal user user3 from computer3


It appears to me that PAM has a corrupt entry for 'user3' somewhere. I don't know PAM well enough to troubleshoot further.



I need to avoid any solutions that wipe/reset the entire PAM configuration, as I don't want to affect other user accounts. I'd appreciate any advice that can pinpoint the 'user3' name.










share|improve this question

























    up vote
    0
    down vote

    favorite












    Red Hat Enterprise Linux 6.10 in VMWare virtual machine. We have several user accounts defined. One user account (user3) is unable to log in, either through SSH or the VMWare Console. It has logged in in the past, but for the last two days it has not been able to login. Other user accounts can log in with no issues.



    The user's account is listed in /etc/passwd and /etc/shadow, and is not locked out. We created a new user, and that user logged in with no issues. The /etc/passwd entry shows a valid shell path (/bin/bash).



    We deleted user3 and recreated the account. It still cannot log in. New accounts with any other name (usr3, user33, etc.) can log on. An account named user3 cannot log on.



    If a new account gets the UID that user3 had, it can log in. If a new account named user3 has a different UID, it still cannot log in. Somewhere the display name 'user3' is locked out.



    Running 'passwd user3' as root gives the following entries in /var/log/secure:



    passwd: pam_unix(passwd:chauthtok): password changed for user3
    passwd: gkr-pam: couldn't update the 'login' keyring password: no old password was entered


    When we SSH in as user3, /var/log/secure shows:



    sshd[21420]: error: PAM: Authentication failure for user3 from computer1


    That's it. No other errors. Interestingly, when we intentionally enter an incorrect password, we see a differnt set of errors:



    unix_chkpwd[21903]: password check failed for user (user3)
    sshs[21745]pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=computer1 user=user3
    sshd[21718]: error: PAM: Authentication failure for user3 from computer1
    sshd[22121]: error: PAM: Authentication failure for illegal user user3 from computer3


    It appears to me that PAM has a corrupt entry for 'user3' somewhere. I don't know PAM well enough to troubleshoot further.



    I need to avoid any solutions that wipe/reset the entire PAM configuration, as I don't want to affect other user accounts. I'd appreciate any advice that can pinpoint the 'user3' name.










    share|improve this question























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      Red Hat Enterprise Linux 6.10 in VMWare virtual machine. We have several user accounts defined. One user account (user3) is unable to log in, either through SSH or the VMWare Console. It has logged in in the past, but for the last two days it has not been able to login. Other user accounts can log in with no issues.



      The user's account is listed in /etc/passwd and /etc/shadow, and is not locked out. We created a new user, and that user logged in with no issues. The /etc/passwd entry shows a valid shell path (/bin/bash).



      We deleted user3 and recreated the account. It still cannot log in. New accounts with any other name (usr3, user33, etc.) can log on. An account named user3 cannot log on.



      If a new account gets the UID that user3 had, it can log in. If a new account named user3 has a different UID, it still cannot log in. Somewhere the display name 'user3' is locked out.



      Running 'passwd user3' as root gives the following entries in /var/log/secure:



      passwd: pam_unix(passwd:chauthtok): password changed for user3
      passwd: gkr-pam: couldn't update the 'login' keyring password: no old password was entered


      When we SSH in as user3, /var/log/secure shows:



      sshd[21420]: error: PAM: Authentication failure for user3 from computer1


      That's it. No other errors. Interestingly, when we intentionally enter an incorrect password, we see a differnt set of errors:



      unix_chkpwd[21903]: password check failed for user (user3)
      sshs[21745]pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=computer1 user=user3
      sshd[21718]: error: PAM: Authentication failure for user3 from computer1
      sshd[22121]: error: PAM: Authentication failure for illegal user user3 from computer3


      It appears to me that PAM has a corrupt entry for 'user3' somewhere. I don't know PAM well enough to troubleshoot further.



      I need to avoid any solutions that wipe/reset the entire PAM configuration, as I don't want to affect other user accounts. I'd appreciate any advice that can pinpoint the 'user3' name.










      share|improve this question













      Red Hat Enterprise Linux 6.10 in VMWare virtual machine. We have several user accounts defined. One user account (user3) is unable to log in, either through SSH or the VMWare Console. It has logged in in the past, but for the last two days it has not been able to login. Other user accounts can log in with no issues.



      The user's account is listed in /etc/passwd and /etc/shadow, and is not locked out. We created a new user, and that user logged in with no issues. The /etc/passwd entry shows a valid shell path (/bin/bash).



      We deleted user3 and recreated the account. It still cannot log in. New accounts with any other name (usr3, user33, etc.) can log on. An account named user3 cannot log on.



      If a new account gets the UID that user3 had, it can log in. If a new account named user3 has a different UID, it still cannot log in. Somewhere the display name 'user3' is locked out.



      Running 'passwd user3' as root gives the following entries in /var/log/secure:



      passwd: pam_unix(passwd:chauthtok): password changed for user3
      passwd: gkr-pam: couldn't update the 'login' keyring password: no old password was entered


      When we SSH in as user3, /var/log/secure shows:



      sshd[21420]: error: PAM: Authentication failure for user3 from computer1


      That's it. No other errors. Interestingly, when we intentionally enter an incorrect password, we see a differnt set of errors:



      unix_chkpwd[21903]: password check failed for user (user3)
      sshs[21745]pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=computer1 user=user3
      sshd[21718]: error: PAM: Authentication failure for user3 from computer1
      sshd[22121]: error: PAM: Authentication failure for illegal user user3 from computer3


      It appears to me that PAM has a corrupt entry for 'user3' somewhere. I don't know PAM well enough to troubleshoot further.



      I need to avoid any solutions that wipe/reset the entire PAM configuration, as I don't want to affect other user accounts. I'd appreciate any advice that can pinpoint the 'user3' name.







      rhel pam






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Sep 25 at 19:28









      Bagheera

      1041




      1041




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote













          The pam_tally2 module keeps a count of attempted accesses and can deny access if too many attempts fail. The manpages for this module have more information.



          The specification of this module is in /etc/pam.d/login as, for example:



          auth required pam_tally2.so deny=6 


          You can determine the error count for a user with:



          pam_tally2 --user=<username>


          You can reset the count with:



          pam_tally2 --user=<username> --reset





          share|improve this answer






















          • It's interesting that it shows 0 failures for user3. Even after intentionally entering the password incorrectly, pam_tally2 shows 0 failures.
            – Bagheera
            Sep 26 at 13:32










          Your Answer







          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f471409%2fpam-authentication-errors-for-one-username-all-other-usernames-log-in-properly%23new-answer', 'question_page');

          );

          Post as a guest






























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          0
          down vote













          The pam_tally2 module keeps a count of attempted accesses and can deny access if too many attempts fail. The manpages for this module have more information.



          The specification of this module is in /etc/pam.d/login as, for example:



          auth required pam_tally2.so deny=6 


          You can determine the error count for a user with:



          pam_tally2 --user=<username>


          You can reset the count with:



          pam_tally2 --user=<username> --reset





          share|improve this answer






















          • It's interesting that it shows 0 failures for user3. Even after intentionally entering the password incorrectly, pam_tally2 shows 0 failures.
            – Bagheera
            Sep 26 at 13:32














          up vote
          0
          down vote













          The pam_tally2 module keeps a count of attempted accesses and can deny access if too many attempts fail. The manpages for this module have more information.



          The specification of this module is in /etc/pam.d/login as, for example:



          auth required pam_tally2.so deny=6 


          You can determine the error count for a user with:



          pam_tally2 --user=<username>


          You can reset the count with:



          pam_tally2 --user=<username> --reset





          share|improve this answer






















          • It's interesting that it shows 0 failures for user3. Even after intentionally entering the password incorrectly, pam_tally2 shows 0 failures.
            – Bagheera
            Sep 26 at 13:32












          up vote
          0
          down vote










          up vote
          0
          down vote









          The pam_tally2 module keeps a count of attempted accesses and can deny access if too many attempts fail. The manpages for this module have more information.



          The specification of this module is in /etc/pam.d/login as, for example:



          auth required pam_tally2.so deny=6 


          You can determine the error count for a user with:



          pam_tally2 --user=<username>


          You can reset the count with:



          pam_tally2 --user=<username> --reset





          share|improve this answer














          The pam_tally2 module keeps a count of attempted accesses and can deny access if too many attempts fail. The manpages for this module have more information.



          The specification of this module is in /etc/pam.d/login as, for example:



          auth required pam_tally2.so deny=6 


          You can determine the error count for a user with:



          pam_tally2 --user=<username>


          You can reset the count with:



          pam_tally2 --user=<username> --reset






          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Sep 25 at 21:19

























          answered Sep 25 at 20:58









          JRFerguson

          9,21532329




          9,21532329











          • It's interesting that it shows 0 failures for user3. Even after intentionally entering the password incorrectly, pam_tally2 shows 0 failures.
            – Bagheera
            Sep 26 at 13:32
















          • It's interesting that it shows 0 failures for user3. Even after intentionally entering the password incorrectly, pam_tally2 shows 0 failures.
            – Bagheera
            Sep 26 at 13:32















          It's interesting that it shows 0 failures for user3. Even after intentionally entering the password incorrectly, pam_tally2 shows 0 failures.
          – Bagheera
          Sep 26 at 13:32




          It's interesting that it shows 0 failures for user3. Even after intentionally entering the password incorrectly, pam_tally2 shows 0 failures.
          – Bagheera
          Sep 26 at 13:32

















           

          draft saved


          draft discarded















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f471409%2fpam-authentication-errors-for-one-username-all-other-usernames-log-in-properly%23new-answer', 'question_page');

          );

          Post as a guest













































































          Popular posts from this blog

          How to check contact read email or not when send email to Individual?

          Displaying single band from multi-band raster using QGIS

          How many registers does an x86_64 CPU actually have?