Re: [Spacewalk-list] Error with PAM authentication after Upgrade to CentOS 7.4
Thanks for the ideas guys, I was able to get in at least! Seems to be a SELINUX issues with Spacewalk 2.6 and CentOS 7.4. Upgrading to Spacewalk 2.7 did seem to fix most of it though PAM auth still doesn't work right so I just left it disabled for now. Joel -Original Message- From: Michael Mraka [mailto:michael.mr...@redhat.com] Sent: Monday, October 30, 2017 4:02 AM To: spacewalk-list@redhat.com Cc: Millage, Joel <jmill...@integrity-apps.com> Subject: Re: [Spacewalk-list] Error with PAM authentication after Upgrade to CentOS 7.4 Robert Paschedag: > Am 28. Oktober 2017 20:37:08 MESZ schrieb "Millage, Joel" > <jmill...@integrity-apps.com>: > >I am using Spacewalk 2.6 with PAM authentication and have been for a > >few months without issues. I updated from CentOS 7.3 to 7.4 this week > >and now my PAM authentication no longer works with any of my users. > >I use PAM authentication with Kerberos 1.5. ... > >I realize now I shouldn't have made my only admin user on PAM > >authentication as I can't even login with spacecmd. Is there any way > >I can disable PAM auth on this user so I can login without PAM? All > >the tools I have found allow me to reset my password, but not disable PAM. > >Any help would be great thanks! > > > >Joel > > I think the rhnuser table should be a good starting point. But I don't know, > if the authentication "type" is also stored there. Unfortunately you can have only certain users using pam. It's a global option. So disable pam, (re)set local password, fix the pam issue and reenable it. Regards, -- Michael Mráka System Management Engineering, Red Hat ___ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list
Re: [Spacewalk-list] Error with PAM authentication after Upgrade to CentOS 7.4
Robert Paschedag: > Am 28. Oktober 2017 20:37:08 MESZ schrieb "Millage, Joel" >: > >I am using Spacewalk 2.6 with PAM authentication and have been for a > >few months without issues. I updated from CentOS 7.3 to 7.4 this week > >and now my PAM authentication no longer works with any of my users. I > >use PAM authentication with Kerberos 1.5. ... > >I realize now I shouldn't have made my only admin user on PAM > >authentication as I can't even login with spacecmd. Is there any way I > >can disable PAM auth on this user so I can login without PAM? All the > >tools I have found allow me to reset my password, but not disable PAM. > >Any help would be great thanks! > > > >Joel > > I think the rhnuser table should be a good starting point. But I don't know, > if the authentication "type" is also stored there. Unfortunately you can have only certain users using pam. It's a global option. So disable pam, (re)set local password, fix the pam issue and reenable it. Regards, -- Michael Mráka System Management Engineering, Red Hat ___ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list
Re: [Spacewalk-list] Error with PAM authentication after Upgrade to CentOS 7.4
Am 28. Oktober 2017 20:37:08 MESZ schrieb "Millage, Joel": >I am using Spacewalk 2.6 with PAM authentication and have been for a >few months without issues. I updated from CentOS 7.3 to 7.4 this week >and now my PAM authentication no longer works with any of my users. I >use PAM authentication with Kerberos 1.5. > >Since CentOS 7.4 I get the following error in the tomcat.service of >Spacewalk: > >pam_krb5[9598]: error reading keytab 'FILE:/etc/krb5.keytab' >Oct 28 14:34:19 ccam-thorcp2.integrity-apps.com java[9598]: >pam_krb5[9598]: TGT verified >Oct 28 14:34:19 ccam-thorcp2.integrity-apps.com java[9598]: >pam_krb5[9598]: authentication succeeds for 'jmillage' >Oct 28 14:34:19 ccam-thorcp2.integrity-apps.com server[9598]: >2017-10-28 14:34:19,091 [ajp-bio-0:0:0:0:0:0:0:1-8009-exec-3] WARN >com.redhat.rhn.domain.user.legacy.UserImpl - PAM login for user User >jmillage (id 1, org_id 1) failed with error System error. >Oct 28 14:34:21 ccam-thorcp2.integrity-apps.com server[9598]: >2017-10-28 14:34:21,091 [ajp-bio-0:0:0:0:0:0:0:1-8009-exec-3] INFO >com.redhat.rhn.frontend.action.LoginAction - LOCAL AUTH FAILURE: >[jmillage] > >I realize now I shouldn't have made my only admin user on PAM >authentication as I can't even login with spacecmd. Is there any way I >can disable PAM auth on this user so I can login without PAM? All the >tools I have found allow me to reset my password, but not disable PAM. >Any help would be great thanks! > >Joel I think the rhnuser table should be a good starting point. But I don't know, if the authentication "type" is also stored there. Robert ___ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list
[Spacewalk-list] Error with PAM authentication after Upgrade to CentOS 7.4
I am using Spacewalk 2.6 with PAM authentication and have been for a few months without issues. I updated from CentOS 7.3 to 7.4 this week and now my PAM authentication no longer works with any of my users. I use PAM authentication with Kerberos 1.5. Since CentOS 7.4 I get the following error in the tomcat.service of Spacewalk: pam_krb5[9598]: error reading keytab 'FILE:/etc/krb5.keytab' Oct 28 14:34:19 ccam-thorcp2.integrity-apps.com java[9598]: pam_krb5[9598]: TGT verified Oct 28 14:34:19 ccam-thorcp2.integrity-apps.com java[9598]: pam_krb5[9598]: authentication succeeds for 'jmillage' Oct 28 14:34:19 ccam-thorcp2.integrity-apps.com server[9598]: 2017-10-28 14:34:19,091 [ajp-bio-0:0:0:0:0:0:0:1-8009-exec-3] WARN com.redhat.rhn.domain.user.legacy.UserImpl - PAM login for user User jmillage (id 1, org_id 1) failed with error System error. Oct 28 14:34:21 ccam-thorcp2.integrity-apps.com server[9598]: 2017-10-28 14:34:21,091 [ajp-bio-0:0:0:0:0:0:0:1-8009-exec-3] INFO com.redhat.rhn.frontend.action.LoginAction - LOCAL AUTH FAILURE: [jmillage] I realize now I shouldn't have made my only admin user on PAM authentication as I can't even login with spacecmd. Is there any way I can disable PAM auth on this user so I can login without PAM? All the tools I have found allow me to reset my password, but not disable PAM. Any help would be great thanks! Joel ___ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list