HPE Community
Operating System - HP-UX
1752307 Members
5378 Online
108786 Solutions
New Discussion юеВ

Re: msg on syslog

 
SOLVED
Go to solution
Vogra
Regular Advisor

тАО07-01-2002 05:32 AM

тАО07-01-2002 05:32 AM

msg on syslog

Hi All!

Today I saw the following syslog msg:
Jul 1 10:00:01 vsurjux1 rexecd[23040]: PAM Status - 9, PAM Error Message - Authentication failed

What it means?
Thanx.
[5 x World Championship]
We are spirits in the material world
0 Kudos
Reply
4 REPLIES 4
Dave Chamberlin
Trusted Contributor

тАО07-01-2002 06:07 AM

тАО07-01-2002 06:07 AM

Re: msg on syslog

It is basically a login failure, specifically an rexec failed to run due to bad password or permission problem. Rexec is used to run a program on a remote host.
Reply
Steve Steel
Honored Contributor

тАО07-01-2002 06:19 AM

тАО07-01-2002 06:19 AM

Solution

Re: msg on syslog

Hi

Indeed a bad authentication.

The list of possible messages and what they mean.



/* Generic PAM errors */
#define PAM_SUCCESS 0 /* Normal function return */
#define PAM_OPEN_ERR 1 /* Shared object load failure */
#define PAM_SYMBOL_ERR 2 /* Symbol not found */
#define PAM_SERVICE_ERR 3 /* Error in underlying service module */
#define PAM_SYSTEM_ERR 4 /* System error */
#define PAM_BUF_ERR 5 /* Memory buffer error */
#define PAM_CONV_ERR 6 /* Conversation failure */
#define PAM_PERM_DENIED 7 /* Permission denied */

/* Errors returned by pam_authenticate, pam_acct_mgmt(), and pam_setcred()
*/
#define PAM_MAXTRIES 8 /* Maximum number of tries exceeded */
#define PAM_AUTH_ERR 9 /* Authentication failure */
#define PAM_AUTHTOKEN_REQD 10 /* Get new auth token from the user */
#define PAM_CRED_INSUFFICIENT 11 /* can not access auth data b/c */
/* of insufficient credentials */
#define PAM_AUTHINFO_UNAVAIL 12 /* Can not retrieve auth information */
#define PAM_USER_UNKNOWN 13 /* No account present for user */

/* Errors returned by pam_setcred() */
#define PAM_CRED_UNAVAIL 14 /* can not retrieve user credentials */
#define PAM_CRED_EXPIRED 15 /* user credentials expired */
#define PAM_CRED_ERR 16 /* failure setting user credentials */

/* Errors returned by pam_acct_mgmt() */
#define PAM_ACCT_EXPIRED 17 /* user account has expired */
#define PAM_AUTHTOK_EXPIRED 18 /* Password expired and no longer */
/* usable */
/* Errors returned by pam_open/close_session() */
#define PAM_SESSION_ERR 19 /* can not make/remove entry for */
/* specified session */

/* Errors returned by pam_chauthtok() */
#define PAM_AUTHTOK_ERR 20 /* Authentication token */
/* manipulation error */
#define PAM_AUTHTOK_RECOVERY_ERR 21 /* Old authentication token */
/* cannot be recovered */
#define PAM_AUTHTOK_LOCK_BUSY 22 /* Authentication token */
/* lock busy */
#define PAM_AUTHTOK_DISABLE_AGING 23 /* Authentication token aging */
/* is disabled */

/* Errors returned by pam_get_data */
#define PAM_NO_MODULE_DATA 24 /* module data not found */

/* Errors returned by modules */
#define PAM_IGNORE 25 /* ignore module */

#define PAM_ABORT 26 /* General PAM failure */
#define PAM_TRY_AGAIN 27 /* Unable to update password */
/* Try again another time */

#ifdef COMSEC
#define PAM_ACCT_DISABLED 28 /* Account is disabled */
#define PAM_TERM_DISABLED 29 /* Terminal is disabled */
#define PAM_NOT_AUTHORIZED 30 /* User is not authorized for
terminal access */
#define PAM_NOT_RTIME 31 /* Wrong time to login */
#define PAM_TERM_ERROR 32 /* Terminal database corruption or
no corresponding entry found */
#define PAM_PRPW_ERROR 33 /* Password database corruption
no corresponding entry found */

These are all the normal cases and put here as a document also for general info


Steve Steel
If you want truly to understand something, try to change it. (Kurt Lewin)
Reply
Glenn S. Davidson
Trusted Contributor

тАО10-09-2002 06:38 AM

тАО10-09-2002 06:38 AM

Re: msg on syslog

OK, so I get the same messages but I was wondering is there a way to track down who it was that failed the authentication check or who's passords expired? I don't see any place in the man pages that describe a log file and I don't know much about PAM. I would rather not put the "nowarn" option or a "debug" option in the pam.conf if I don't have to.

Glenn
Conformity Destroys a mans initiative and independence. It supresses his powerful inner drive to do his own thing.
0 Kudos
Reply
John Dvorchak
Honored Contributor

тАО10-09-2002 06:59 AM

тАО10-09-2002 06:59 AM

Re: msg on syslog

Is the "5 x World Championship" a reference to Michael?

by the was lastb | grep vsurjux will tell you who commited the infraction and tried the rexec with proper authentication.

lastb -R|grep "Aug 24 07:56"

will tell you who commited the error on August 24 at 07:56 and the remote host name taken from the lastb command. So you can match up the date and time from syslog.log to find out who did it from where.
If it has wheels or a skirt, you can't afford it.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.