Tuesday, 3 March 2020

PAM says "No"

I saw this yesterday: -

Mar  2 11:19:32 korath sudo: pam_tally2(sudo:auth): user bloggsj (12024) tally 51, deny 5
Mar  2 11:19:32 korath sudo: pam_unix(sudo:auth): auth could not identify password for [bloggsj]
Mar  2 11:19:32 korath sudo:    bloggsj : 1 incorrect password attempt ; TTY=pts/0 ; PWD=/var/bloggsj ; USER=root ; COMMAND=/bin/bash

after changing a user's password.

He was trying/failing to run sudo bash even though he was in the right group, and was using the right password ....

Assuming that Pluggable Authentication Module (PAM) was getting in the way, I checked the PAM Tally: -

pam_tally --user=bloggsj

and even reset it: -

pam_tally --user=bloggsj --reset

but to no avail.

Then I re-read the message: -

Mar  2 11:19:32 korath sudo: pam_tally2(sudo:auth): user bloggsj (12024) tally 51, deny 5

Yep, the offending module is pam_tally2 !

Once I did the needful: -

pam_tally2 --user=bloggsj --reset

all was good.

For the record: -

https://xkcd.com/149/

No comments:

PAM says "No"

I saw this yesterday: - Mar  2 11:19:32 korath sudo: pam_tally2 (sudo:auth): user bloggsj (12024) tally 51, deny 5 Mar  2 11:19:32 korath...