Re: PAM authentication error while login to HP-UX 11.23 (524 Views)
Reply
Occasional Visitor
Feji
Posts: 2
Registered: ‎04-23-2013
Message 1 of 3 (630 Views)

PAM authentication error while login to HP-UX 11.23

[ Edited ]

Hi All,

 

Am getting below error while login to the server. This user account is created newly and is a local account.

 

 

sshd[16187]: error: PAM: User account has expired for xxxxx

 

 

# cat /etc/nsswitch.conf
passwd:       files [NOTFOUND=continue] ldap

 

cat /etc/pam.conf

 

# Authentication management
#
login    auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
login    auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
login    auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass

 

Please help me to resolve the issue.

 

 

P.S. This thread has been moved from HP-UX > System Administration to HP-UX > security - HP Forums Moderator

 

 

 

Regular Advisor
laiju.c.babu
Posts: 123
Registered: ‎07-06-2008
Message 2 of 3 (560 Views)

Re: PAM authentication error while login to HP-UX 11.23

Hi,

 

Please attach the pam.conf file and the error you are getting while connecting to the server

Laiju.C.Babu
Occasional Visitor
Feji
Posts: 2
Registered: ‎04-23-2013
Message 3 of 3 (524 Views)

Re: PAM authentication error while login to HP-UX 11.23

 # cat sshd_config | grep -v "^#" | grep -v "^$"

Protocol 2

HostKey /opt/ssh/etc/ssh_host_rsa_key

HostKey /opt/ssh/etc/ssh_host_dsa_key

MaxAuthTries 10

HostbasedAuthentication yes

IgnoreUserKnownHosts yes

PasswordAuthentication yes

PermitEmptyPasswords no

UsePAM yes

X11Forwarding yes

PrintMotd no

UseDNS yes

Subsystem       sftp    /opt/ssh/libexec/sftp-server

 

Message from syslog:-

 

May  7 07:34:59 xxxxxxx sshd[5011]: SSH: Server;Ltype: Version;Remote: zzzzzzz-50885;Protocol: 2.0;Client: OpenSSH_4.3

May  7 07:35:04 xxxxxxxx sshd[5011]: error: PAM: User account has expired for yyyyyy from zzzzzzz

May  7 07:35:07 xxxxxxx sshd[5011]: Failed password for yyyyyyy  from zzzzzzz port 50885 ssh2

 

debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased

debug3: start over, passed a different list publickey,password,keyboard-interactive,hostbased

debug3: preferred publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Trying private key: /home/wwwwww/.ssh/id_rsa

debug3: no such identity: /home/wwwwwww/.ssh/id_rsa

debug1: Trying private key: /home/wwwwww/.ssh/id_dsa

debug3: no such identity: /home/wwwwww/.ssh/id_dsa

debug2: we did not send a packet, disable method

debug3: authmethod_lookup keyboard-interactive

debug3: remaining preferred: password

debug3: authmethod_is_enabled keyboard-interactive

debug1: Next authentication method: keyboard-interactive

debug2: userauth_kbdint

debug2: we sent a keyboard-interactive packet, wait for reply

debug2: input_userauth_info_req

debug2: input_userauth_info_req: num_prompts 1

Password:

debug3: packet_send2: adding 32 (len 23 padlen 9 extra_pad 64)

debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased

debug2: userauth_kbdint

debug2: we sent a keyboard-interactive packet, wait for reply

debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased

debug2: userauth_kbdint

debug2: we sent a keyboard-interactive packet, wait for reply

debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased

debug2: we did not send a packet, disable method

debug3: authmethod_lookup password

debug3: remaining preferred:

debug3: authmethod_is_enabled password

debug1: Next authentication method: password

yyyyyyy@xxxxxxx's password:

debug3: packet_send2: adding 48 (len 61 padlen 19 extra_pad 64)

debug2: we sent a password packet, wait for reply

Connection closed by zzzzzzzzz

bash-3.00$

 

# Authentication management
#
login    auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
login    auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
login    auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
su       auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
su       auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
su       auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
dtlogin  auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
dtlogin  auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
dtlogin  auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
dtaction auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
dtaction auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
dtaction auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
ftp      auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
ftp      auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
ftp      auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
rcomds   auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
rcomds   auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
rcomds   auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
sshd     auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
sshd     auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
sshd     auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
OTHER    auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
OTHER    auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
#
# Account management
#
login    account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
login    account required       /usr/lib/security/$ISA/libpam_authz.so.1
login    account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
login    account required       /usr/lib/security/$ISA/libpam_ldap.so.1  rcommand
su       account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
su       account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
su       account required       /usr/lib/security/$ISA/libpam_ldap.so.1
dtlogin  account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
dtlogin  account required       /usr/lib/security/$ISA/libpam_authz.so.1
dtlogin  account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
dtlogin  account required       /usr/lib/security/$ISA/libpam_ldap.so.1
dtaction account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
dtaction account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
dtaction account required       /usr/lib/security/$ISA/libpam_ldap.so.1
ftp      account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
ftp      account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
ftp      account required       /usr/lib/security/$ISA/libpam_ldap.so.1
rcomds   account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
rcomds   account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
rcomds   account required       /usr/lib/security/$ISA/libpam_ldap.so.1 rcommand
sshd     account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
sshd     account required       /usr/lib/security/$ISA/libpam_authz.so.1
sshd     account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
sshd     account required       /usr/lib/security/$ISA/libpam_ldap.so.1 rcommand
OTHER    account required       /usr/lib/security/$ISA/libpam_authz.so.1
OTHER    account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
OTHER    account required       /usr/lib/security/$ISA/libpam_ldap.so.1  rcommand
#

 

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.