Weird Authentication Failure
Bill Bogstad
bogstad-e+AXbWqSrlAAvxtiuMwx3w at public.gmane.org
Wed May 26 17:17:30 EDT 2010
On Wed, May 26, 2010 at 4:36 PM, Richard Pieri <richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> I have a batch of Intel boxes running Scientific Linux 4.4 (a re-spin of RHELv4.4) that I am in the process of updating to SL 5.4 (a re-spin of RHELv5.4). We have a bunch of visitor accounts (ie "vis101") that work on the 4.4 machines but not the 5.4 machines. These accounts exist in LDAP & Kerberos, they are identical to the regular accounts used by permanent people.
>
> Now, here's the wacky thing. All of the LDAP and Kerberos data is correct. If I log in as root, su to the account and kinit, the authentication works. I can generate tickets as that principle, do everything normally. If I log in as myself (non-root) and su, I get an invalid password error. I get the same error if I try to log in on console or via SSH. I suspect something in PAM but I cannot for the life of me identify it.
>
> Any thoughts as to where to go poking around for configuration changes or fixes?
First, I would try to figure out why root can "su" to these accounts
and your regular account can't. Maybe try
running it under "strace" and see how the system call patterns differ.
Bill Bogstad
More information about the Discuss
mailing list