Linux
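CentOS PAM unable to open /etc/pam.d/system-auth
In gdm, I checked "Require smart card for login" but forgot to add any smart card for authentication. Then I tried booting from a LiveCD and disabling SC authentication. Something went wrong, and now I can't log in as any user on the system ("Login incorrect" for any user, without being prompted for a password). From /var/log/secure: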
May 18 14:50:07 myloginname sshd[5180]: Server listening on 0.0.0.0 port 22.
May 17 14:50:07 myloginname sshd[5180]: Server listening on :: port 22.
May 17 14:50:28 myloginname polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.26 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
May 17 14:50:32 myloginname pam: gdm-password: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth
May 17 14:50:32 myloginname pam: gdm-password: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth
May 17 14:50:32 myloginname pam: gdm-password: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth
May 17 14:50:32 myloginname pam: gdm-password: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth
May 17 14:50:32 myloginname pam: gdm-password: gkr-pam: no password is available for user
May 17 14:50:36 myloginname pam: gdm-password: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth
May 17 14:50:36 myloginname pam: gdm-password: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth
May 17 14:50:36 myloginname pam: gdm-password: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth
May 17 14:50:36 myloginname pam: gdm-password: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth
May 17 14:50:36 myloginname pam: gdm-password: gkr-pam: no password is available for user
May 17 14:50:41 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:41 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:41 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:41 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:41 myloginname login: FAILED LOGIN SESSION FROM (null) FOR r, Permission denied
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: FAILED LOGIN SESSION FROM (null) FOR r, Permission denied
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: FAILED LOGIN SESSION FROM (null) FOR r, Permission denied
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: FAILED LOGIN SESSION FROM (null) FOR r, Permission denied
May 17 14:50:44 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:44 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:44 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:44 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:44 myloginname login: FAILED LOGIN SESSION FROM (null) FOR rppt, Permission denied
May 17 14:50:47 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:47 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:47 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:47 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:47 myloginname login: FAILED LOGIN SESSION FROM (null) FOR root, Permission denied
May 17 14:50:49 myloginname polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.26, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
May 17 14:50:51 myloginname sshd[5180]: Received signal 15; terminating.
By the way, the files in /etc/pam.d/* are fine, and the permissions are fine too. Please help me. Thanks!
Update
root@kali:/media/blabla/etc/pam.d# ls -lh
total 208K
-rw-r--r--. 1 root root 272 Jan 30 2012 atd
-rw-r--r--. 1 root root 97 Feb 22 2013 authconfig
-rw-r--r--. 1 root root 97 Feb 22 2013 authconfig-gtk
-rw-r--r--. 1 root root 97 Feb 22 2013 authconfig-tui
-rw-r--r--. 1 root root 192 Nov 21 18:00 chfn
-rw-r--r--. 1 root root 192 Nov 21 18:00 chsh
-rw-r--r--. 1 root root 232 Nov 21 21:45 config-util
-rw-r--r--. 1 root root 293 Nov 21 16:19 crond
-rw-r--r--. 1 root root 71 Nov 21 16:18 cvs
-rw-r--r--. 1 root root 115 Nov 23 2010 eject
-rw-r--r--. 1 root root 71 Oct 28 2012 exim
-rw-r--r--. 1 root root 708 Nov 21 22:05 gdm
-rw-r--r--. 1 root root 480 Nov 21 22:05 gdm-autologin
-rw-r--r--. 1 root root 489 Nov 21 22:05 gdm-fingerprint
-rw-r--r--. 1 root root 701 Nov 21 22:05 gdm-password
-rw-r--r--. 1 root root 485 Nov 21 20:08 gnome-screensaver
-rw-r--r--. 1 root root 147 Oct 5 2009 halt
-rw-r--r--. 1 root root 134 Jul 8 2008 kcheckpass
-rw-r--r--. 1 root root 134 Jul 8 2008 kscreensaver
-rw-r--r--. 1 root root 70 Aug 28 2013 ksu
-rw-r--r--. 1 root root 728 Nov 21 18:00 login
-rw-r--r--. 1 root root 172 Nov 21 18:35 newrole
-rw-r--r--. 1 root root 336 May 26 2011 opcontrol
-rw-r--r--. 1 root root 154 Nov 21 21:45 other
-rw-r--r--. 1 root root 146 Feb 22 2012 passwd
lrwxrwxrwx. 1 root root 16 May 29 2013 password-auth -> password-auth-ac
-rw-r--r-- 1 root root 935 May 17 10:42 password-auth-ac
-rw-r--r--. 1 root root 155 Sep 19 2013 polkit-1
-rw-r--r--. 1 root root 147 Oct 5 2009 poweroff
-rw-r--r--. 1 root root 144 Nov 24 2010 ppp
-rw-r--r--. 1 root root 147 Oct 5 2009 reboot
-rw-r--r--. 1 root root 613 Nov 21 18:00 remote
-rw-r--r--. 1 root root 167 Nov 21 18:35 run_init
-rw-r--r--. 1 root root 143 Oct 17 2013 runuser
-rw-r--r--. 1 root root 105 Oct 17 2013 runuser-l
-rw-r--r--. 1 root root 145 Jun 3 2013 setup
-rw-r--r--. 1 root root 575 Nov 25 16:50 sshd
-rw-r--r--. 1 root root 341 Nov 25 16:50 ssh-keycat
-rw-r--r--. 1 root root 487 Oct 17 2013 su
-rw-r--r--. 1 root root 202 Nov 21 18:03 sudo
-rw-r--r--. 1 root root 187 Nov 21 18:03 sudo-i
-rw-r--r--. 1 root root 137 Oct 17 2013 su-l
lrwxrwxrwx. 1 root root 14 May 29 2013 system-auth -> system-auth-ac
-rw-r--r-- 1 root root 1.1K May 16 23:01 system-auth~
-rw-r--r-- 1 root root 1.1K May 17 08:44 system-auth-ac
-rw-r--r--. 1 root root 97 Feb 22 2013 system-config-authentication
-rw-r--r--. 1 root root 97 Jul 22 2013 system-config-date
-rw-r--r--. 1 root root 97 Feb 21 2013 system-config-kdump
-rw-r--r--. 1 root root 97 Jun 12 2013 system-config-keyboard
-rw-r--r--. 1 root root 97 Nov 24 2010 system-config-network
-rw-r--r--. 1 root root 97 Nov 24 2010 system-config-network-cmd
-rw-r--r--. 1 root root 118 Oct 18 2012 system-config-users
-rw-r--r--. 1 root root 233 Mar 31 19:00 wireshark
-rw-r--r--. 1 root root 163 Dec 23 21:36 xserver
root@kali:/media/blabla/etc/pam.d# cat system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth [success=1 default=ignore] pam_succeed_if.so service notin login:gdm:xdm:kdm:xscreensaver:gnome-screensaver:kscreensaver quiet use_uid
#auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
root@kali:/media/blabla/etc/pam.d# cat password-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
#auth required pam_deny.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
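Yes, got it! The guys were right. The SELinux context of the config files was broken.
Just run
restorecon -Rv /etc/pam.d
in single-user mode from GRUB, booted with
single init=/bin/bash
Then reboot and wait for the filesystem to be relabeled automatically by SELinux. That's it!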
Update: for those who want to disable SC authentication: go to /etc/sysconfig/authconfig and set FORCESMARTCARD and USESMARTCARD to no. Don't try to delete any files in /etc/pam.d! ;)
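The broken labels described above are visible in the `ls -lh` listing itself: GNU ls appends "." to the mode field when a file carries an SELinux context, and the files rewritten from the LiveCD lack it. The following is an added example, not part of the original post; the function names are hypothetical and the sample listing is constructed from a few entries of the listing above.

```shell
#!/bin/sh
# Added example: flag entries in `ls -l` output whose mode field has no
# trailing "." (no SELinux context) and the symlinks that resolve to them.

# Constructed sample: entries copied from the listing in the post.
sample_listing() {
cat <<'EOF'
total 208K
-rw-r--r--. 1 root root 728 Nov 21 18:00 login
lrwxrwxrwx. 1 root root 16 May 29 2013 password-auth -> password-auth-ac
-rw-r--r-- 1 root root 935 May 17 10:42 password-auth-ac
-rw-r--r--. 1 root root 575 Nov 25 16:50 sshd
lrwxrwxrwx. 1 root root 14 May 29 2013 system-auth -> system-auth-ac
-rw-r--r-- 1 root root 1.1K May 16 23:01 system-auth~
-rw-r--r-- 1 root root 1.1K May 17 08:44 system-auth-ac
EOF
}

# Names of entries whose mode field is exactly 10 characters (no "." or "+").
unlabeled_entries() {
    awk 'NF >= 9 && length($1) == 10 && $1 ~ /^[-dlbcps][-rwxsStT]+$/ { print $9 }'
}

# Symlinks whose target is an unlabeled regular file. These are the names
# PAM reports as "unable to open" even though the link itself looks fine.
affected_links() {
    awk '
        length($1) == 10 && $1 ~ /^-/ { bare[$9] = 1 }
        $1 ~ /^l/ && $10 == "->"      { link[$9] = $11 }
        END { for (l in link) if (link[l] in bare) print l " -> " link[l] }
    ' | sort
}

sample_listing | affected_links
```

On a live system, `ls -Z /etc/pam.d` prints the contexts themselves, and `restorecon -Rnv /etc/pam.d` reports what would be relabeled without changing anything.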