Tuesday, 3 March 2020

PAM says "No"

I saw this yesterday: -

Mar  2 11:19:32 korath sudo: pam_tally2(sudo:auth): user bloggsj (12024) tally 51, deny 5
Mar  2 11:19:32 korath sudo: pam_unix(sudo:auth): auth could not identify password for [bloggsj]
Mar  2 11:19:32 korath sudo:    bloggsj : 1 incorrect password attempt ; TTY=pts/0 ; PWD=/var/bloggsj ; USER=root ; COMMAND=/bin/bash

after changing a user's password.

He was trying/failing to run sudo bash even though he was in the right group, and was using the right password ....

Assuming that Pluggable Authentication Module (PAM) was getting in the way, I checked the PAM Tally: -

pam_tally --user=bloggsj

and even reset it: -

pam_tally --user=bloggsj --reset

but to no avail.

Then I re-read the message: -

Mar  2 11:19:32 korath sudo: pam_tally2(sudo:auth): user bloggsj (12024) tally 51, deny 5

Yep, the offending module is pam_tally2 !

Once I did the needful: -

pam_tally2 --user=bloggsj --reset

all was good.

For the record: -

https://xkcd.com/149/

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Reminder - installing podman and skopeo on Ubuntu 22.04

This follows on from: - Lest I forget - how to install pip on Ubuntu I had reason to install podman  and skopeo  on an Ubuntu box: - lsb_rel...