Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Incomplete
-
5.5.44
-
red hat 7.2
Description
Connecting USER through PAM authentication. Sometimes it is not possible to connect to a USER created via PAM authentication.
However,I reboot the server. Then I can connect through user via PAM authentication.
I can't connect to the PAM plug-in after deleting it and re-installing it.
Send the PAM config information as shown below.
1) /var/log/secure
Apr 10 15:50:58 robofowd unix_chkpwd[32010]: password check failed for user (S460029)
|
Apr 10 15:50:58 robofowd mysqld: pam_unix(mysql:auth): authentication failure; logname= uid=27 euid=27 tty= ruser= rhost= user=S460029
|
2) my.cnf
[mysqld]
|
datadir=/data_robo/mysql
|
socket=/var/lib/mysql/mysql.sock
|
|
|
# Disabling symbolic-links is recommended to prevent assorted security risks
|
symbolic-links=0
|
|
|
# Settings user and group are ignored when systemd is used.
|
# If you need to run mysqld under a different user or group,
|
# customize your systemd unit file for mariadb according to the
|
# instructions in http://fedoraproject.org/wiki/Systemd
|
|
|
max_connections=2000
|
innodb_flush_log_at_trx_commit=2
|
innodb_buffer_pool_size=128G
|
innodb_log_buffer_size=402653184
|
innodb_log_file_size=268435456
|
plugin_load=auth_pamlog.so
|
port=21398
|
|
|
pam_use_cleartext_plugin
|
|
|
[mysqld_safe]
|
log-error=/var/log/mariadb/mariadb.log
|
pid-file=/var/run/mariadb/mariadb.pid
|
3) /etc/pam.d/system-auth
#%PAM-1.0
|
# This file is auto-generated.
|
# User changes will be destroyed the next time authconfig is run.
|
|
|
# BEGIN OF SECURITY SETTING
|
auth required pam_unity_uac.so
|
auth required pam_tally2.so deny=4 unlock_time=1800
|
account required pam_tally2.so
|
# END OF SECURITY SETTING
|
|
|
auth required pam_env.so
|
auth sufficient pam_unix.so nullok try_first_pass
|
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
|
auth required pam_deny.so
|
|
|
account required pam_unix.so
|
account sufficient pam_localuser.so
|
account sufficient pam_succeed_if.so uid < 1000 quiet
|
account required pam_permit.so
|
|
|
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= dcredit=-1 lcredit=-1 ocredit=-1
|
password sufficient pam_unity_upv.so pam_unix.so sha512 shadow nullok try_first_pass remember=2
|
password required pam_deny.so
|
|
|
session optional pam_keyinit.so revoke
|
session required pam_limits.so
|
-session optional pam_systemd.so
|
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
session required pam_unix.so
|
4) /etc/pam.d/password-auth
#%PAM-1.0
|
# This file is auto-generated.
|
# User changes will be destroyed the next time authconfig is run.
|
|
|
# BEGIN OF SECURITY SETTING
|
auth required pam_unity_uac.so
|
auth required pam_tally2.so deny=4 unlock_time=1800
|
account required pam_tally2.so
|
# END OF SECURITY SETTING
|
|
|
auth required pam_env.so
|
auth sufficient pam_unix.so nullok try_first_pass
|
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
|
auth required pam_deny.so
|
|
|
account required pam_unix.so
|
account sufficient pam_localuser.so
|
account sufficient pam_succeed_if.so uid < 1000 quiet
|
account required pam_permit.so
|
|
|
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= dcredit=-1 lcredit=-1 ocredit=-1
|
password sufficient pam_unity_upv.so pam_unix.so sha512 shadow nullok try_first_pass remember=2
|
password required pam_deny.so
|
|
|
session optional pam_keyinit.so revoke
|
session required pam_limits.so
|
-session optional pam_systemd.so
|
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
session required pam_unix.so
|