HPE Community
Operating System - HP-UX
1833115 Members
2902 Online
110051 Solutions
New Discussion

Re: PAM messages in syslog

 
Tom Wolf_3
Valued Contributor

‎06-30-2005 01:20 AM

‎06-30-2005 01:20 AM

PAM messages in syslog

Hello all. I'm running HP-UX 11i on a rp5470. PAM (Pluggable Authentication Module) keeps logging the following entries in syslog: "remshd[8174]: PAM Status - 10, PAM Error Message - Get new authentication token". We aren't using PAM on this machine and I'd like to disable it. I read that placing "nowarn" in the options field of the authentication section of /etc/pam.conf would supposedly disable PAM but I'm still seeing these entries in syslog even after editing that file. The entries are just a nuisance - the system is running fine. At any rate, if someone out there has encountered these same messages in syslog and found a way to stop them from being generated I'd like to hear from them.

Thanks for your time.

-Tom
0 Kudos
Reply
2 REPLIES 2
melvyn burnard
Honored Contributor

‎06-30-2005 02:00 AM

‎06-30-2005 02:00 AM

Re: PAM messages in syslog

This is not PAM logging the message it is remshd.
It seems that someone may be trying to log in to your system with an expired account or password. It may be worth checking the syslog for other entries of interest that may point to this.

My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
0 Kudos
Reply
Alex Glennie
Honored Contributor

‎06-30-2005 02:06 AM

‎06-30-2005 02:06 AM

Re: PAM messages in syslog

Is this system trusted at all, I suggest installing PHCO_29028 s700_800 11.11 libsec cumulative patch

I *think* you are seeing ->

( SR:8606212549 CR:JAGad81735 )
remshd and ftpd can intermittently fail under
heavy loads on a trusted system.

Resolution:
Fixed a timing problem in libsec.

Background : r-commands cumulative mega-patch introduced PAM authentication capability to rexecd(1M) and remshd
(1M).
Itâ s possible that, due to a limitation in thelibrary /usr/lib/libsec.2, the parallel remsh commands might be exceeding the
maximum login rate of the system, which can show up as errors in PAM.

worth a try ?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.