On 26/08/16 02:14 +0000, Jason A Ramsey wrote: > Well, I got around the problem, but I don’t understand the solution… > > I edited /etc/pam.d/password-auth and commented out the following line: > > auth required pam_tally2.so onerr=fail audit silent > deny=5 unlock_time=900 > > Anyone have any idea why this was interfering?
No clear idea, but... > On 08/25/2016 03:04 PM, Jason A Ramsey wrote: >> type=USER_AUTH msg=audit(1472154922.415:69): user pid=1138 uid=0 >> auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 >> msg='op=PAM:authentication acct="hacluster" exe="/usr/bin/ruby" >> hostname=? addr=? terminal=? res=failed' First, this definitely has nothing to do with SELinux (as opposed to "AVC" type of audit record). As a wild guess, if you want to continue using pam_tally2 module (seems like a good idea), I'd suggest giving magic_root option a try (and perhaps evaluate if that would be an acceptable compromise). -- Jan (Poki)
pgpkU739TmiC1.pgp
Description: PGP signature
_______________________________________________ Users mailing list: Users@clusterlabs.org http://clusterlabs.org/mailman/listinfo/users Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
