PAM authentication error while login to HP-UX 11.23

Feji — Wed, 24 Apr 2013 06:49:43 GMT

Hi All,

Am getting below error while login to the server. This user account is created newly and is a local account.

sshd[16187]: error: PAM: User account has expired for xxxxx

# cat /etc/nsswitch.conf
passwd: files [NOTFOUND=continue] ldap

cat /etc/pam.conf

Please help me to resolve the issue.

P.S. This thread has been moved from HP-UX > System Administration to HP-UX > security - HP Forums Moderator

Re: PAM authentication error while login to HP-UX 11.23

laiju.c.babu — Wed, 24 Apr 2013 07:51:31 GMT

Hi,

Please attach the pam.conf file and the error you are getting while connecting to the server

Re: PAM authentication error while login to HP-UX 11.23

Feji — Tue, 07 May 2013 07:36:05 GMT

# cat sshd_config | grep -v "^#" | grep -v "^$"

Protocol 2

HostKey /opt/ssh/etc/ssh_host_rsa_key

HostKey /opt/ssh/etc/ssh_host_dsa_key

MaxAuthTries 10

HostbasedAuthentication yes

IgnoreUserKnownHosts yes

PasswordAuthentication yes

PermitEmptyPasswords no

UsePAM yes

X11Forwarding yes

PrintMotd no

UseDNS yes

Subsystem sftp /opt/ssh/libexec/sftp-server

Message from syslog:-

May 7 07:34:59 xxxxxxx sshd[5011]: SSH: Server;Ltype: Version;Remote: zzzzzzz-50885;Protocol: 2.0;Client: OpenSSH_4.3

May 7 07:35:04 xxxxxxxx sshd[5011]: error: PAM: User account has expired for yyyyyy from zzzzzzz

May 7 07:35:07 xxxxxxx sshd[5011]: Failed password for yyyyyyy from zzzzzzz port 50885 ssh2

debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased

debug3: start over, passed a different list publickey,password,keyboard-interactive,hostbased

debug3: preferred publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Trying private key: /home/wwwwww/.ssh/id_rsa

debug3: no such identity: /home/wwwwwww/.ssh/id_rsa

debug1: Trying private key: /home/wwwwww/.ssh/id_dsa

debug3: no such identity: /home/wwwwww/.ssh/id_dsa

debug2: we did not send a packet, disable method

debug3: authmethod_lookup keyboard-interactive

debug3: remaining preferred: password

debug3: authmethod_is_enabled keyboard-interactive

debug1: Next authentication method: keyboard-interactive

debug2: userauth_kbdint

debug2: we sent a keyboard-interactive packet, wait for reply

debug2: input_userauth_info_req

debug2: input_userauth_info_req: num_prompts 1

Password:

debug3: packet_send2: adding 32 (len 23 padlen 9 extra_pad 64)

debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased

debug2: userauth_kbdint

debug2: we sent a keyboard-interactive packet, wait for reply

debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased

debug2: userauth_kbdint

debug2: we sent a keyboard-interactive packet, wait for reply

debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased

debug2: we did not send a packet, disable method

debug3: authmethod_lookup password

debug3: remaining preferred:

debug3: authmethod_is_enabled password

debug1: Next authentication method: password

yyyyyyy@xxxxxxx's password:

debug3: packet_send2: adding 48 (len 61 padlen 19 extra_pad 64)

debug2: we sent a password packet, wait for reply

Connection closed by zzzzzzzzz

bash-3.00$

# Authentication management
#
login    auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
login    auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
login    auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
su       auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
su       auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
su       auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
dtlogin auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
dtlogin auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
dtlogin auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
dtaction auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
dtaction auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
dtaction auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
ftp      auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
ftp      auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
ftp      auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
rcomds   auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
rcomds   auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
rcomds   auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
sshd     auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
sshd     auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
sshd     auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
OTHER    auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
OTHER    auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
#
# Account management
#
login    account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
login    account required       /usr/lib/security/$ISA/libpam_authz.so.1
login    account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
login    account required       /usr/lib/security/$ISA/libpam_ldap.so.1 rcommand
su       account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
su       account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
su       account required       /usr/lib/security/$ISA/libpam_ldap.so.1
dtlogin account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
dtlogin account required       /usr/lib/security/$ISA/libpam_authz.so.1
dtlogin account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
dtlogin account required       /usr/lib/security/$ISA/libpam_ldap.so.1
dtaction account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
dtaction account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
dtaction account required       /usr/lib/security/$ISA/libpam_ldap.so.1
ftp      account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
ftp      account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
ftp      account required       /usr/lib/security/$ISA/libpam_ldap.so.1
rcomds   account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
rcomds   account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
rcomds   account required       /usr/lib/security/$ISA/libpam_ldap.so.1 rcommand
sshd     account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
sshd     account required       /usr/lib/security/$ISA/libpam_authz.so.1
sshd     account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
sshd     account required       /usr/lib/security/$ISA/libpam_ldap.so.1 rcommand
OTHER    account required       /usr/lib/security/$ISA/libpam_authz.so.1
OTHER    account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
OTHER    account required       /usr/lib/security/$ISA/libpam_ldap.so.1 rcommand
#

topic PAM authentication error while login to HP-UX 11.23 in Operating System - HP-UX

PAM authentication error while login to HP-UX 11.23

Re: PAM authentication error while login to HP-UX 11.23

Re: PAM authentication error while login to HP-UX 11.23