[ClusterLabs] pcs cluster auth returns authentication error
Jan Pokorný
jpokorny at redhat.com
Mon Sep 5 21:32:54 UTC 2016
On 26/08/16 02:14 +0000, Jason A Ramsey wrote:
> Well, I got around the problem, but I don’t understand the solution…
>
> I edited /etc/pam.d/password-auth and commented out the following line:
>
> auth required pam_tally2.so onerr=fail audit silent deny=5 unlock_time=900
>
> Anyone have any idea why this was interfering?
No clear idea, but...
> On 08/25/2016 03:04 PM, Jason A Ramsey wrote:
>> type=USER_AUTH msg=audit(1472154922.415:69): user pid=1138 uid=0
>> auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
>> msg='op=PAM:authentication acct="hacluster" exe="/usr/bin/ruby"
>> hostname=? addr=? terminal=? res=failed'
First, this definitely has nothing to do with SELinux (as opposed to
"AVC" type of audit record).
As a wild guess, if you want to continue using pam_tally2 module
(seems like a good idea), I'd suggest giving magic_root option
a try (and perhaps evaluate if that would be an acceptable compromise).
--
Jan (Poki)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.clusterlabs.org/pipermail/users/attachments/20160905/c4666320/attachment-0003.sig>
More information about the Users
mailing list