Simpler Navigation for Servers and Operating Systems
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
Security
cancel
Showing results for 
Search instead for 
Did you mean: 

PAM authentication error while login to HP-UX 11.23

Feji
Occasional Visitor

PAM authentication error while login to HP-UX 11.23

Hi All,

 

Am getting below error while login to the server. This user account is created newly and is a local account.

 

 

sshd[16187]: error: PAM: User account has expired for xxxxx

 

 

# cat /etc/nsswitch.conf
passwd:       files [NOTFOUND=continue] ldap

 

cat /etc/pam.conf

 

# Authentication management
#
login    auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
login    auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
login    auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass

 

Please help me to resolve the issue.

 

 

P.S. This thread has been moved from HP-UX > System Administration to HP-UX > security - HP Forums Moderator

 

 

 

2 REPLIES
laiju.c.babu
Regular Advisor

Re: PAM authentication error while login to HP-UX 11.23

Hi,

 

Please attach the pam.conf file and the error you are getting while connecting to the server

Laiju.C.Babu
Feji
Occasional Visitor

Re: PAM authentication error while login to HP-UX 11.23

 # cat sshd_config | grep -v "^#" | grep -v "^$"

Protocol 2

HostKey /opt/ssh/etc/ssh_host_rsa_key

HostKey /opt/ssh/etc/ssh_host_dsa_key

MaxAuthTries 10

HostbasedAuthentication yes

IgnoreUserKnownHosts yes

PasswordAuthentication yes

PermitEmptyPasswords no

UsePAM yes

X11Forwarding yes

PrintMotd no

UseDNS yes

Subsystem       sftp    /opt/ssh/libexec/sftp-server

 

Message from syslog:-

 

May  7 07:34:59 xxxxxxx sshd[5011]: SSH: Server;Ltype: Version;Remote: zzzzzzz-50885;Protocol: 2.0;Client: OpenSSH_4.3

May  7 07:35:04 xxxxxxxx sshd[5011]: error: PAM: User account has expired for yyyyyy from zzzzzzz

May  7 07:35:07 xxxxxxx sshd[5011]: Failed password for yyyyyyy  from zzzzzzz port 50885 ssh2

 

debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased

debug3: start over, passed a different list publickey,password,keyboard-interactive,hostbased

debug3: preferred publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Trying private key: /home/wwwwww/.ssh/id_rsa

debug3: no such identity: /home/wwwwwww/.ssh/id_rsa

debug1: Trying private key: /home/wwwwww/.ssh/id_dsa

debug3: no such identity: /home/wwwwww/.ssh/id_dsa

debug2: we did not send a packet, disable method

debug3: authmethod_lookup keyboard-interactive

debug3: remaining preferred: password

debug3: authmethod_is_enabled keyboard-interactive

debug1: Next authentication method: keyboard-interactive

debug2: userauth_kbdint

debug2: we sent a keyboard-interactive packet, wait for reply

debug2: input_userauth_info_req

debug2: input_userauth_info_req: num_prompts 1

Password:

debug3: packet_send2: adding 32 (len 23 padlen 9 extra_pad 64)

debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased

debug2: userauth_kbdint

debug2: we sent a keyboard-interactive packet, wait for reply

debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased

debug2: userauth_kbdint

debug2: we sent a keyboard-interactive packet, wait for reply

debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased

debug2: we did not send a packet, disable method

debug3: authmethod_lookup password

debug3: remaining preferred:

debug3: authmethod_is_enabled password

debug1: Next authentication method: password

yyyyyyy@xxxxxxx's password:

debug3: packet_send2: adding 48 (len 61 padlen 19 extra_pad 64)

debug2: we sent a password packet, wait for reply

Connection closed by zzzzzzzzz

bash-3.00$

 

# Authentication management
#
login    auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
login    auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
login    auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
su       auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
su       auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
su       auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
dtlogin  auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
dtlogin  auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
dtlogin  auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
dtaction auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
dtaction auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
dtaction auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
ftp      auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
ftp      auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
ftp      auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
rcomds   auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
rcomds   auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
rcomds   auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
sshd     auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
sshd     auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
sshd     auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
OTHER    auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
OTHER    auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
#
# Account management
#
login    account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
login    account required       /usr/lib/security/$ISA/libpam_authz.so.1
login    account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
login    account required       /usr/lib/security/$ISA/libpam_ldap.so.1  rcommand
su       account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
su       account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
su       account required       /usr/lib/security/$ISA/libpam_ldap.so.1
dtlogin  account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
dtlogin  account required       /usr/lib/security/$ISA/libpam_authz.so.1
dtlogin  account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
dtlogin  account required       /usr/lib/security/$ISA/libpam_ldap.so.1
dtaction account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
dtaction account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
dtaction account required       /usr/lib/security/$ISA/libpam_ldap.so.1
ftp      account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
ftp      account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
ftp      account required       /usr/lib/security/$ISA/libpam_ldap.so.1
rcomds   account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
rcomds   account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
rcomds   account required       /usr/lib/security/$ISA/libpam_ldap.so.1 rcommand
sshd     account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
sshd     account required       /usr/lib/security/$ISA/libpam_authz.so.1
sshd     account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
sshd     account required       /usr/lib/security/$ISA/libpam_ldap.so.1 rcommand
OTHER    account required       /usr/lib/security/$ISA/libpam_authz.so.1
OTHER    account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
OTHER    account required       /usr/lib/security/$ISA/libpam_ldap.so.1  rcommand
#