[SOLVED] nothing but authentication failures


Post by warron.french » 2017/08/25 14:10:49

I am having a lot of authentication problems and I didn't make any changes to cause them. I am the only person that has EVER logged into the system - a RHEL 7 Server. This server is running as a VM in VMware ESXi (I honestly don't know which version).

The problem first presented itself when attempting to remote in with SSH. I used pam_tally2 --user=syswfrench --reset and tried again - no luck!

I checked MaxAuthTries in /etc/ssh/sshd_config and bumped it up from 1 to 2 and restarted sshd. Still no luck.
I checked pam_tally2 again; I had to re-run pam_tally2 --user=syswfrench --reset.

I tried sudo su - syswfrench; no luck!
I reset my password again - tried SSH and SUDO again; no luck!

I do have an RSA public key in my homedir on the remote host that I am SSH'ing into, but I am not using it anyway - I don't have that key on my Windows Lab machine (I know right!).

I even cleared the password hash out of the /etc/shadow file; and then attempted an su - syswfrench - still no luck.
I do have a homedir reference, that directory does exist.
I am not using IPA/LDAP; I am only using /etc/passwd|/etc/shadow files for authentication.
I am not using NFS in the slightest.

I just tested the following:
$root> su - sysadm
$sysadm> su - syswfrench
Authentication fails.

$root> su - syswfrench
SUCCESS!!!


Please help!!!
Last edited by warron.french on 2017/08/25 14:57:37, edited 1 time in total.
Thanks,
War


Post by warron.french » 2017/08/25 14:57:23

Whew! The problem was that the person who engineered the solution had both

pam_faillock.so and pam_tally2.so listed in the files

/etc/pam.d/system-auth-ac and also password-auth-ac.

We removed one of them and the problem immediately went away.

Part of the problem is that pam_tally2 and faillock reference different sources and so a failure of password authentication increments both by +1; and if you only clear out the failure with pam_tally2 --user syswfrench --reset you still have a failure count greater than 0; which is a problem still.

So, lesson learned!
Thanks,
War
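
An added example, not part of the original posts: a shell check for the condition described in the second post, where pam_tally2.so and pam_faillock.so are both active in the same PAM file and each keeps its own failure counter. The function names and the sample stack are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag PAM files that stack both account-lockout modules.

# Print the distinct lockout modules named on active (non-comment) lines.
lockout_modules() {
    sed 's/#.*//' "$1" | grep -oE 'pam_(tally2|faillock)\.so' | sort -u
}

# Report each file given; return 1 if any file has both modules active.
check_pam_lockout() {
    rc=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        mods=$(lockout_modules "$f" | tr '\n' ' ')
        case "$mods" in
            *pam_faillock.so*pam_tally2.so*)
                echo "CONFLICT $f: pam_faillock.so and pam_tally2.so both active"
                rc=1 ;;
            "") echo "none     $f: no lockout module" ;;
            *)  echo "ok       $f: ${mods% }" ;;
        esac
    done
    return $rc
}

# Constructed sample stack (not the poster's real file) with both modules.
demo_dir=$(mktemp -d)
cat > "$demo_dir/system-auth-ac" <<'EOF'
auth  required    pam_env.so
auth  required    pam_tally2.so deny=3 onerr=fail
auth  required    pam_faillock.so preauth silent deny=3
auth  sufficient  pam_unix.so try_first_pass
# auth required   pam_tally2.so   (commented-out lines are ignored)
EOF
check_pam_lockout "$demo_dir/system-auth-ac" ||
    echo "keep only one lockout module in each PAM file"
rm -rf "$demo_dir"
```

On a live host the same function can be pointed at /etc/pam.d/system-auth-ac and /etc/pam.d/password-auth-ac. The faillock counter has its own reset, faillock --user <name> --reset, separate from the pam_tally2 reset.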
