PAM authentication error while login to HP-UX 11.23 (476 Views)
Reply
Occasional Visitor
Feji
Posts: 2
Registered: ‎04-23-2013
Message 1 of 3 (476 Views)

PAM authentication error while login to HP-UX 11.23

[ Edited ]

Hi All,

 

Am getting below error while login to the server. This user account is created newly and is a local account.

 

 

sshd[16187]: error: PAM: User account has expired for xxxxx

 

 

# cat /etc/nsswitch.conf
passwd:       files [NOTFOUND=continue] ldap

 

cat /etc/pam.conf

 

# Authentication management
#
login    auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
login    auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
login    auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass

 

Please help me to resolve the issue.

 

 

P.S. This thread has been moved from HP-UX > System Administration to HP-UX > security - HP Forums Moderator

 

 

 

Please use plain text.
Regular Advisor
laiju.c.babu
Posts: 122
Registered: ‎07-06-2008
Message 2 of 3 (406 Views)

Re: PAM authentication error while login to HP-UX 11.23

Hi,

 

Please attach the pam.conf file and the error you are getting while connecting to the server

Laiju.C.Babu
Please use plain text.
Occasional Visitor
Feji
Posts: 2
Registered: ‎04-23-2013
Message 3 of 3 (370 Views)

Re: PAM authentication error while login to HP-UX 11.23

 # cat sshd_config | grep -v "^#" | grep -v "^$"

Protocol 2

HostKey /opt/ssh/etc/ssh_host_rsa_key

HostKey /opt/ssh/etc/ssh_host_dsa_key

MaxAuthTries 10

HostbasedAuthentication yes

IgnoreUserKnownHosts yes

PasswordAuthentication yes

PermitEmptyPasswords no

UsePAM yes

X11Forwarding yes

PrintMotd no

UseDNS yes

Subsystem       sftp    /opt/ssh/libexec/sftp-server

 

Message from syslog:-

 

May  7 07:34:59 xxxxxxx sshd[5011]: SSH: Server;Ltype: Version;Remote: zzzzzzz-50885;Protocol: 2.0;Client: OpenSSH_4.3

May  7 07:35:04 xxxxxxxx sshd[5011]: error: PAM: User account has expired for yyyyyy from zzzzzzz

May  7 07:35:07 xxxxxxx sshd[5011]: Failed password for yyyyyyy  from zzzzzzz port 50885 ssh2

 

debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased

debug3: start over, passed a different list publickey,password,keyboard-interactive,hostbased

debug3: preferred publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Trying private key: /home/wwwwww/.ssh/id_rsa

debug3: no such identity: /home/wwwwwww/.ssh/id_rsa

debug1: Trying private key: /home/wwwwww/.ssh/id_dsa

debug3: no such identity: /home/wwwwww/.ssh/id_dsa

debug2: we did not send a packet, disable method

debug3: authmethod_lookup keyboard-interactive

debug3: remaining preferred: password

debug3: authmethod_is_enabled keyboard-interactive

debug1: Next authentication method: keyboard-interactive

debug2: userauth_kbdint

debug2: we sent a keyboard-interactive packet, wait for reply

debug2: input_userauth_info_req

debug2: input_userauth_info_req: num_prompts 1

Password:

debug3: packet_send2: adding 32 (len 23 padlen 9 extra_pad 64)

debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased

debug2: userauth_kbdint

debug2: we sent a keyboard-interactive packet, wait for reply

debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased

debug2: userauth_kbdint

debug2: we sent a keyboard-interactive packet, wait for reply

debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased

debug2: we did not send a packet, disable method

debug3: authmethod_lookup password

debug3: remaining preferred:

debug3: authmethod_is_enabled password

debug1: Next authentication method: password

yyyyyyy@xxxxxxx's password:

debug3: packet_send2: adding 48 (len 61 padlen 19 extra_pad 64)

debug2: we sent a password packet, wait for reply

Connection closed by zzzzzzzzz

bash-3.00$

 

# Authentication management
#
login    auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
login    auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
login    auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
su       auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
su       auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
su       auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
dtlogin  auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
dtlogin  auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
dtlogin  auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
dtaction auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
dtaction auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
dtaction auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
ftp      auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
ftp      auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
ftp      auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
rcomds   auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
rcomds   auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
rcomds   auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
sshd     auth required          /usr/lib/security/$ISA/libpam_hpsec.so.1
sshd     auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
sshd     auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
OTHER    auth sufficient        /usr/lib/security/$ISA/libpam_unix.so.1
OTHER    auth required          /usr/lib/security/$ISA/libpam_ldap.so.1 try_first_pass
#
# Account management
#
login    account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
login    account required       /usr/lib/security/$ISA/libpam_authz.so.1
login    account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
login    account required       /usr/lib/security/$ISA/libpam_ldap.so.1  rcommand
su       account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
su       account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
su       account required       /usr/lib/security/$ISA/libpam_ldap.so.1
dtlogin  account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
dtlogin  account required       /usr/lib/security/$ISA/libpam_authz.so.1
dtlogin  account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
dtlogin  account required       /usr/lib/security/$ISA/libpam_ldap.so.1
dtaction account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
dtaction account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
dtaction account required       /usr/lib/security/$ISA/libpam_ldap.so.1
ftp      account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
ftp      account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
ftp      account required       /usr/lib/security/$ISA/libpam_ldap.so.1
rcomds   account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
rcomds   account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
rcomds   account required       /usr/lib/security/$ISA/libpam_ldap.so.1 rcommand
sshd     account required       /usr/lib/security/$ISA/libpam_hpsec.so.1
sshd     account required       /usr/lib/security/$ISA/libpam_authz.so.1
sshd     account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
sshd     account required       /usr/lib/security/$ISA/libpam_ldap.so.1 rcommand
OTHER    account required       /usr/lib/security/$ISA/libpam_authz.so.1
OTHER    account sufficient     /usr/lib/security/$ISA/libpam_unix.so.1
OTHER    account required       /usr/lib/security/$ISA/libpam_ldap.so.1  rcommand
#

 

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation