subject:"\[Spacewalk\-list\] Error with PAM authentication after Upgrade to CentOS 7.4"

Re: [Spacewalk-list] Error with PAM authentication after Upgrade to CentOS 7.4

2017-10-30 Thread Millage, Joel

Thanks for the ideas guys, I was able to get in at least!  Seems to be a 
SELINUX issues with Spacewalk 2.6 and CentOS 7.4. Upgrading to Spacewalk 2.7 
did seem to fix most of it though PAM auth still doesn't work right so I just 
left it disabled for now.

Joel  

-Original Message-
From: Michael Mraka [mailto:michael.mr...@redhat.com] 
Sent: Monday, October 30, 2017 4:02 AM
To: spacewalk-list@redhat.com
Cc: Millage, Joel <jmill...@integrity-apps.com>
Subject: Re: [Spacewalk-list] Error with PAM authentication after Upgrade to 
CentOS 7.4

Robert Paschedag:
> Am 28. Oktober 2017 20:37:08 MESZ schrieb "Millage, Joel" 
> <jmill...@integrity-apps.com>:
> >I am using Spacewalk 2.6 with PAM authentication and have been for a 
> >few months without issues. I updated from CentOS 7.3 to 7.4 this week 
> >and now my PAM authentication no longer works with any of my users.  
> >I use PAM authentication with Kerberos 1.5.
...
> >I realize now I shouldn't have made my only admin user on PAM 
> >authentication as I can't even login with spacecmd.  Is there any way 
> >I can disable PAM auth on this user so I can login without PAM?  All 
> >the tools I have found allow me to reset my password, but not disable PAM.
> >Any help would be great thanks!
> >
> >Joel
> 
> I think the rhnuser table should be a good starting point. But I don't know, 
> if the authentication "type" is also stored there.

Unfortunately you can have only certain users using pam. It's a global option.
So disable pam, (re)set local password, fix the pam issue and reenable it.

Regards,

--
Michael Mráka
System Management Engineering, Red Hat


___
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list

Re: [Spacewalk-list] Error with PAM authentication after Upgrade to CentOS 7.4

2017-10-30 Thread Michael Mraka

Robert Paschedag:
> Am 28. Oktober 2017 20:37:08 MESZ schrieb "Millage, Joel" 
> :
> >I am using Spacewalk 2.6 with PAM authentication and have been for a
> >few months without issues. I updated from CentOS 7.3 to 7.4 this week
> >and now my PAM authentication no longer works with any of my users.  I
> >use PAM authentication with Kerberos 1.5.
...
> >I realize now I shouldn't have made my only admin user on PAM
> >authentication as I can't even login with spacecmd.  Is there any way I
> >can disable PAM auth on this user so I can login without PAM?  All the
> >tools I have found allow me to reset my password, but not disable PAM.
> >Any help would be great thanks!
> >
> >Joel
> 
> I think the rhnuser table should be a good starting point. But I don't know, 
> if the authentication "type" is also stored there.

Unfortunately you can have only certain users using pam. It's a global option.
So disable pam, (re)set local password, fix the pam issue and reenable it.

Regards,

--
Michael Mráka
System Management Engineering, Red Hat

___
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list

Re: [Spacewalk-list] Error with PAM authentication after Upgrade to CentOS 7.4

2017-10-29 Thread Robert Paschedag

Am 28. Oktober 2017 20:37:08 MESZ schrieb "Millage, Joel" 
:
>I am using Spacewalk 2.6 with PAM authentication and have been for a
>few months without issues. I updated from CentOS 7.3 to 7.4 this week
>and now my PAM authentication no longer works with any of my users.  I
>use PAM authentication with Kerberos 1.5.
>
>Since CentOS 7.4 I get the following error in the tomcat.service of
>Spacewalk:
>
>pam_krb5[9598]: error reading keytab 'FILE:/etc/krb5.keytab'
>Oct 28 14:34:19 ccam-thorcp2.integrity-apps.com java[9598]:
>pam_krb5[9598]: TGT verified
>Oct 28 14:34:19 ccam-thorcp2.integrity-apps.com java[9598]:
>pam_krb5[9598]: authentication succeeds for 'jmillage'
>Oct 28 14:34:19 ccam-thorcp2.integrity-apps.com server[9598]:
>2017-10-28 14:34:19,091 [ajp-bio-0:0:0:0:0:0:0:1-8009-exec-3] WARN 
>com.redhat.rhn.domain.user.legacy.UserImpl - PAM login for user User
>jmillage (id 1, org_id 1) failed with error System error.
>Oct 28 14:34:21 ccam-thorcp2.integrity-apps.com server[9598]:
>2017-10-28 14:34:21,091 [ajp-bio-0:0:0:0:0:0:0:1-8009-exec-3] INFO 
>com.redhat.rhn.frontend.action.LoginAction - LOCAL AUTH FAILURE:
>[jmillage]
>
>I realize now I shouldn't have made my only admin user on PAM
>authentication as I can't even login with spacecmd.  Is there any way I
>can disable PAM auth on this user so I can login without PAM?  All the
>tools I have found allow me to reset my password, but not disable PAM.
>Any help would be great thanks!
>
>Joel

I think the rhnuser table should be a good starting point. But I don't know, if 
the authentication "type" is also stored there.

Robert

___
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list

[Spacewalk-list] Error with PAM authentication after Upgrade to CentOS 7.4

2017-10-28 Thread Millage, Joel

I am using Spacewalk 2.6 with PAM authentication and have been for a few months 
without issues. I updated from CentOS 7.3 to 7.4 this week and now my PAM 
authentication no longer works with any of my users.  I use PAM authentication 
with Kerberos 1.5.

Since CentOS 7.4 I get the following error in the tomcat.service of Spacewalk:

pam_krb5[9598]: error reading keytab 'FILE:/etc/krb5.keytab'
Oct 28 14:34:19 ccam-thorcp2.integrity-apps.com java[9598]: pam_krb5[9598]: TGT 
verified
Oct 28 14:34:19 ccam-thorcp2.integrity-apps.com java[9598]: pam_krb5[9598]: 
authentication succeeds for 'jmillage'
Oct 28 14:34:19 ccam-thorcp2.integrity-apps.com server[9598]: 2017-10-28 
14:34:19,091 [ajp-bio-0:0:0:0:0:0:0:1-8009-exec-3] WARN  
com.redhat.rhn.domain.user.legacy.UserImpl - PAM login for user User jmillage 
(id 1, org_id 1) failed with error System error.
Oct 28 14:34:21 ccam-thorcp2.integrity-apps.com server[9598]: 2017-10-28 
14:34:21,091 [ajp-bio-0:0:0:0:0:0:0:1-8009-exec-3] INFO  
com.redhat.rhn.frontend.action.LoginAction - LOCAL AUTH FAILURE: [jmillage]

I realize now I shouldn't have made my only admin user on PAM authentication as 
I can't even login with spacecmd.  Is there any way I can disable PAM auth on 
this user so I can login without PAM?  All the tools I have found allow me to 
reset my password, but not disable PAM.
Any help would be great thanks!

Joel


___
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list

Re: [Spacewalk-list] Error with PAM authentication after Upgrade to CentOS 7.4

Re: [Spacewalk-list] Error with PAM authentication after Upgrade to CentOS 7.4

Re: [Spacewalk-list] Error with PAM authentication after Upgrade to CentOS 7.4

[Spacewalk-list] Error with PAM authentication after Upgrade to CentOS 7.4

4 matches

Site Navigation

Mail list logo

Footer information