Weird error with authentication (PAM)

Issues related to applications and software problems
Post Reply
darkensraven
Posts: 2
Joined: 2019/06/26 11:01:04

Weird error with authentication (PAM)

Post by darkensraven » 2019/06/26 11:11:40

Hi everyone!

I'm having a weird issue on few of my customer servers and I still couldn't figure out why.
The problem is, I can login to these CentOS 7 (vmware) servers from SSH from root user with no problem but when I execute a command that requires sudo permissions I keep getting this weird password prompt:

[root@server ~]# sudo ifconfig
[sudo] password for %p:

Since I am logged in as root user this shouldn't be happening. But thats not even it! When I input the right password it keeps asking me around 6 more times.

[root@server ~]# sudo ifconfig
[sudo] password for %p:
[sudo] password for %p:
[sudo] password for %p:
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
*ifconfig opens*

But when I execute anything without sudo it opens with no problems.

[root@server ~]# ifconfig
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
*ifconfig opens*

The weirdest part is that %p thing. I don't know why it is %p and not just root.

This server is a cPanel hosting server and we are running bunch of crons at the background. Since we can't execute anything using sudo, Some crons stopped working as well. We need urgent help with this please.

When I execute journalctl -xe Im seeing these weird lines:

Jun 26 07:09:02 server.myserver.com crond[27267]: pam_access(crond:account): auth could not identify password for [root]
Jun 26 07:09:02 server.mycpanelserver.com crond[27267]: pam_localuser(crond:account): auth could not identify password for [root]
Jun 26 07:09:02 server.mycpanelserver.com crond[27267]: pam_succeed_if(crond:account): unrecognized option [uid]
Jun 26 07:09:02 server.mycpanelserver.com crond[27267]: pam_succeed_if(crond:account): unrecognized option [<]
Jun 26 07:09:02 server.mycpanelserver.com crond[27267]: pam_succeed_if(crond:account): unrecognized option [1000]
Jun 26 07:09:02 server.mycpanelserver.com crond[27267]: pam_succeed_if(crond:account): unrecognized option [quiet]
Jun 26 07:09:02 server.mycpanelserver.com crond[27267]: pam_succeed_if(crond:account): auth could not identify password for [root]
Jun 26 07:09:02 server.mycpanelserver.com crond[27267]: (root) PAM ERROR (Authentication information cannot be recovered)
Jun 26 07:09:02 server.mycpanelserver.com crond[27267]: (root) FAILED to authorize user with PAM (Authentication information cannot be recovered)

I also see these some times:

Jun 26 07:06:22 server.mycpanelserver.com sudo[27105]: pam_succeed_if(sudo:session): conversation failed
Jun 26 07:06:22 server.mycpanelserver.com sudo[27105]: pam_succeed_if(sudo:session): auth could not identify password for [root]
Jun 26 07:06:22 server.mycpanelserver.com sudo[27105]: pam_unix(sudo:session): session closed for user root

Weird right?

I tried changing the root user password, rebooting, updating with yum -y update nothing worked.

Please help me ASAP. I have 6 servers like this and Im pretty sure I wasn't hacked.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Weird error with authentication (PAM)

Post by TrevorH » 2019/06/26 15:29:19

Unfortunately cpanel fiddle with sudo so you need to ask them.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

darkensraven
Posts: 2
Joined: 2019/06/26 11:01:04

Re: Weird error with authentication (PAM)

Post by darkensraven » 2019/06/26 19:18:57

TrevorH wrote:
2019/06/26 15:29:19
Unfortunately cpanel fiddle with sudo so you need to ask them.
Hi there,

I will also create a topic on cPanel forums and include the link here just in case if anyone else encounters the same problem.
I think this is related to PAM. I think all can be alright if we can prevent these sudo messages from appearing. Can we do that in PAM config or would it be too sketchy? Im not quite sure on what to do here actually.

EDIT: cPanel Forums topic can be found here https://forums.cpanel.net/threads/weird ... am.656027/

Post Reply