- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- PAM Authentication
Operating System - HP-UX
1762916
Members
1940
Online
108909
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-25-2002 12:55 AM
07-25-2002 12:55 AM
Hi,
My users use Envize X workstations and we have recently gone to CDE from VUE obtaining a boot from one of our servers.
One users screen lock kicked in and he could not unlock it even though he was 'confident' that he was putting in the correct password !
I was led to believe that the root p/w or a UID 0 p/w could unlock any users screen lock but this did not seem to be the case !?! - Can anyone confirm?
After investigating syslog, I was indeed happy that the user was indeed putting in the correct password as there were the following entries :
DTSESSION: pam_setcred: failure : 33
DTSESSION: audit_log: cannot set effective uid before audwrite
DTSESSION: pamauthenticate status: 13
I tried to replicate the problem by entering the wrong password for my account and I got pam_authenticate status of 9 (which was correct when looking at the error codes for pam.
13 however seems to indicate :-
#define PAM_USER_UNKNOWN 13 /* No account present for user */
This confuses me as the user has a valid account and we can telnet to the server as him with his password no problem.
More worryingly, and I'm not sure if this relates to the pam_setcread error above, but I've found a reference that error 33 could mean :-
#define PAM_PRPW_ERROR 33 /* Password database corruption
no corresponding entry found */
Any ideas ?
Many thanks in advance
Russell
My users use Envize X workstations and we have recently gone to CDE from VUE obtaining a boot from one of our servers.
One users screen lock kicked in and he could not unlock it even though he was 'confident' that he was putting in the correct password !
I was led to believe that the root p/w or a UID 0 p/w could unlock any users screen lock but this did not seem to be the case !?! - Can anyone confirm?
After investigating syslog, I was indeed happy that the user was indeed putting in the correct password as there were the following entries :
DTSESSION: pam_setcred: failure : 33
DTSESSION: audit_log: cannot set effective uid before audwrite
DTSESSION: pamauthenticate status: 13
I tried to replicate the problem by entering the wrong password for my account and I got pam_authenticate status of 9 (which was correct when looking at the error codes for pam.
13 however seems to indicate :-
#define PAM_USER_UNKNOWN 13 /* No account present for user */
This confuses me as the user has a valid account and we can telnet to the server as him with his password no problem.
More worryingly, and I'm not sure if this relates to the pam_setcread error above, but I've found a reference that error 33 could mean :-
#define PAM_PRPW_ERROR 33 /* Password database corruption
no corresponding entry found */
Any ideas ?
Many thanks in advance
Russell
It's not a problem, it's an opportunity !
Solved! Go to Solution.
1 REPLY 1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-25-2002 01:16 AM
07-25-2002 01:16 AM
Solution
You are quite right roots passwd can overide a users passwd wrt CDE's screenlock.
I've not come across this before but am wondering if this system is trusted ? involved with a DCE cell or whether nis maybe involed ?
also would I be correct in saying this is 10.20 ? has the O/S been upgraded as well and what is your patch level like ?
maybe worth a /usr/sbin/pwck
I've not come across this before but am wondering if this system is trusted ? involved with a DCE cell or whether nis maybe involed ?
also would I be correct in saying this is 10.20 ? has the O/S been upgraded as well and what is your patch level like ?
maybe worth a /usr/sbin/pwck
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP