On Sep 20, 2015 5:35 PM, "Ken Moffat" <[email protected]> wrote:
>
> Yeah, I know PAM has the ability to break a system, and that is why
> I normally avoid it. But I was persuaded to try using it in my
> current build. This system booted fine. I then built the docbook
> packages, and then I added Linux-PAM and rebuilt shadow. Then I
> rebooted to check it still worked - but it didn't. Unfortunately,
> I did not back up the system before building PAM.
>
> Now, when I boot it and try to login, both normal users and root get
> a string of messages before the prompt for the password, and after
> entering the passwd, 'Permission denied'.
>
> Going back to the host system and mounting the new one at /mnt/lfs,
> I can see the messages in /var/log/auth.log :
>
> Sep 20 18:34:20 jtm1 lt-tst-pam_start: PAM unable to
> dlopen(/lib/security/pam_deny.so): /lib/security/pam_deny.so: cannot
> open shared object file: No such file or directory
> Sep 20 18:34:20 jtm1 lt-tst-pam_start: PAM adding faulty module:
> /lib/security/pam_deny.so
> Sep 20 18:34:20 jtm1 lt-tst-pam_start: PAM pam_start: invalid
> argument: service == NULL
> Sep 20 18:34:20 jtm1 lt-tst-pam_start: PAM unable to
> dlopen(/lib/security/pam_deny.so): /lib/security/pam_deny.so: cannot
> open shared object file: No such file or directory
> Sep 20 18:34:20 jtm1 lt-tst-pam_start: PAM adding faulty module:
> /lib/security/pam_deny.so
> Sep 20 18:34:20 jtm1 lt-tst-pam_start: PAM pam_start: invalid
> argument: conv == NULL
> Sep 20 18:34:20 jtm1 lt-tst-pam_start: PAM pam_start: invalid
> argument: pamh == NULL
>
> and a bit later, all the error messages which appeared on the
> screen:
>
> Sep 20 18:40:27 jtm1 login[1097]: unknown configuration item
> `FAILLOG_ENAB'
> Sep 20 18:40:27 jtm1 login[1097]: unknown configuration item
> `LASTLOG_ENAB'
> Sep 20 18:40:27 jtm1 login[1097]: unknown configuration item
> `MAIL_CHECK_ENAB'
> Sep 20 18:40:27 jtm1 login[1097]: unknown configuration item
> `OBSCURE_CHECKS_ENAB'
> Sep 20 18:40:27 jtm1 login[1097]: unknown configuration item
> `PORTTIME_CHECKS_ENAB'
> Sep 20 18:40:27 jtm1 login[1097]: unknown configuration item
> `QUOTAS_ENAB'
> Sep 20 18:40:27 jtm1 login[1097]: unknown configuration item
> `MOTD_FILE'
> Sep 20 18:40:27 jtm1 login[1097]: unknown configuration item
> `FTMP_FILE'
> Sep 20 18:40:27 jtm1 login[1097]: unknown configuration item
> `NOLOGINS_FILE'
> Sep 20 18:40:27 jtm1 login[1097]: unknown configuration item
> `ENV_HZ'
> Sep 20 18:40:27 jtm1 login[1097]: unknown configuration item
> `PASS_MIN_LEN'
> Sep 20 18:40:27 jtm1 login[1097]: unknown configuration item
> `SU_WHEEL_ONLY'
> Sep 20 18:40:27 jtm1 login[1097]: unknown configuration item
> `CRACKLIB_DICTPATH'
> Sep 20 18:40:27 jtm1 login[1097]: unknown configuration item
> `PASS_CHANGE_TRIES'
> Sep 20 18:40:27 jtm1 login[1097]: unknown configuration item
> `PASS_ALWAYS_WARN'
> Sep 20 18:40:27 jtm1 login[1097]: unknown configuration item
> `CHFN_AUTH'
> Sep 20 18:40:27 jtm1 login[1097]: unknown configuration item
> `ENVIRON_FILE'
>
> I mounted it at /mnt/lfs, and it seemed to me that all the linkages
> were correct. Now, I've come back to it, chrooted, listed all the
> PAM libs and their linkages into a file, copied that, and since all
> the links do indeed appear fine, tried to boot it again, with the
> same results.
>
> The linkages are attached.
>
> Looking at the files in /etc/pam.d 'other' is the restrictive
> version, from the bottom of the Linux-PAM page, system-password is
> the non-cracklib version, the others from PAM appear to match what
> is on the page.
>
> I see from the 'su' file:
> # Uncomment the following line to implicitly trust users in the
> # "wheel" group.
> #auth sufficient pam_wheel.so trust use_uid
> # Uncomment the following line to require a user to be in the
> # "wheel" group.
> auth required pam_wheel.so use_uid
>
> So clearly I will need to comment that last line (since I do not
> have a wheel group) to be able to su. But apart from that, I do not
> see what is wrong. Contents attached as pam-files.
>
> Any clues, please ?
>

Hi Ken,

I took a look at your files and a large majority of them do not match the book. I see several references to pam_selinux.so. The normal files installed by shadow don't work, so you might want to check and see if the config files in the book match your config files.

Douglas R. Reno
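One way to check a mounted tree for the mismatch discussed in this thread, added here as an example and not taken from either poster or from the BLFS book: it lists every module named under `/etc/pam.d` that is missing from the module directory. The function names and the sample tree are constructed, and `/lib/security` is assumed as the module directory from the dlopen errors in the quoted log.

```sh
#!/bin/sh
# Added example: list PAM modules named in ROOT/etc/pam.d that are absent
# from the module directory, one "service: module" pair per line.
# Usage: pam_missing_modules ROOT [MODDIR]
# MODDIR defaults to /lib/security (assumed from the dlopen errors quoted above).
pam_missing_modules() {
    root=${1%/}
    moddir=${2:-/lib/security}
    for conf in "$root"/etc/pam.d/*; do
        [ -f "$conf" ] || continue
        # Strip comments, then take the first field ending in ".so": the
        # module-path column of "type control module-path [arguments]".
        awk '{ sub(/#.*/, "")
               for (i = 1; i <= NF; i++) if ($i ~ /\.so$/) { print $i; break } }' "$conf" |
        sort -u |
        while read -r mod; do
            case $mod in
                /*) path=$root$mod ;;           # absolute module path
                *)  path=$root$moddir/$mod ;;   # bare name, looked up in MODDIR
            esac
            [ -e "$path" ] || printf '%s: %s\n' "${conf##*/}" "$mod"
        done
    done
}

# Constructed sample tree (not the poster's files): "login" names a module
# that is not installed, "other" names one that is.
pam_demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/pam.d" "$t/lib/security"
    : > "$t/lib/security/pam_deny.so"
    : > "$t/lib/security/pam_unix.so"
    printf '%s\n' '# constructed sample' \
        'auth [success=ok default=bad] pam_unix.so' \
        'session required pam_selinux.so close' > "$t/etc/pam.d/login"
    printf '%s\n' 'auth required pam_deny.so' > "$t/etc/pam.d/other"
    pam_missing_modules "$t"
    rm -rf "$t"
}

# Run against a mounted tree when one is given as the argument, e.g. /mnt/lfs.
if [ $# -gt 0 ]; then pam_missing_modules "$@"; fi
```

An empty result means every referenced module file is present; it does not show that the configuration files themselves match the book.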
