Hi There,
on the namend system i have the following errors after performing yum updates:
Aug 12 13:36:20 crond[27308]: (CRON) STARTUP (V5.0)
Aug 12 13:37:01 crond[27310]: Permission denied
Aug 12 13:37:01 crond[27310]: CRON (root) ERROR: failed to open PAM security session: Success
Aug 12 13:37:01 crond[27310]: CRON (root) ERROR: cannot set security context
Aug 12 13:37:01 crond[27311]: Permission denied
Aug 12 13:37:01 crond[27311]: CRON (root) ERROR: failed to open PAM security session: Success
Aug 12 13:37:01 crond[27311]: CRON (root) ERROR: cannot set security context
pam.d/crond look like this:
cat crond
#
# The PAM configuration file for the cron daemon
#
#
auth sufficient pam_env.so
auth required pam_rootok.so
auth include system-auth
account required pam_access.so
account include system-auth
session required pam_loginuid.so
session include system-auth
I have'nt found the anything matching this issue.
Any Ideas to solve this..?
#################
//Edit
Ok, figured ou that the reason is to find in /etc(pam.d/system-auth. There i have changed the lines:
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session optional pam_keyinit.so revoke
session required pam_limits.so
session requires pam_winbind.so use_first_pass
session required pam_unix.so
because of when the succese part is placed after pam_unix.so the crond causes segfaults in /var/log/messages. But when it is configured as shown above, the pam errors occure...
Thanks in advance.
Regards,
brick1
[SOLVED] CentOS 5.6 64Bit - crond (5.0) error messages
-
pschaff
- Retired Moderator
- Posts: 18276
- Joined: 2006/12/13 20:15:34
- Location: Tidewater, Virginia, North America
- Contact:
[SOLVED] CentOS 5.6 64Bit - crond (5.0) error messages
Welcome to the CentOS fora. Please see the recommended reading for new users linked in my signature.
The errors appear to be due to SELinux. Is it in enforcing mode? Have you tried relabeling the filesystem?
The errors appear to be due to SELinux. Is it in enforcing mode? Have you tried relabeling the filesystem?
Re: CentOS 5.6 64Bit - crond (5.0) error messages
Hi pschaff,
no, SELinux is disabled so it cannot cause this error. I have fixed this in that way that i have copied the system-auth content from another system with same CentOS looks liket his:
[code]
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
[/code]
and restarted crond, that has fixed it.
Thanks a Lot :)
Regards,
brick1
no, SELinux is disabled so it cannot cause this error. I have fixed this in that way that i have copied the system-auth content from another system with same CentOS looks liket his:
[code]
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
[/code]
and restarted crond, that has fixed it.
Thanks a Lot :)
Regards,
brick1
-
pschaff
- Retired Moderator
- Posts: 18276
- Joined: 2006/12/13 20:15:34
- Location: Tidewater, Virginia, North America
- Contact:
Re: [SOLVED] CentOS 5.6 64Bit - crond (5.0) error messages
Thanks for reporting back. Marking this thread [SOLVED] for posterity.
Disabling SELinux may be something to reconsider, given that it is one of the flagship security features of this Enterprise Linux family.
Disabling SELinux may be something to reconsider, given that it is one of the flagship security features of this Enterprise Linux family.