[Bug 740873] New: PAM ( it seems ) prevents all log in after initial install
https://bugzilla.novell.com/show_bug.cgi?id=740873 https://bugzilla.novell.com/show_bug.cgi?id=740873#c0 Summary: PAM ( it seems ) prevents all log in after initial install Classification: openSUSE Product: openSUSE 12.1 Version: Final Platform: x86-64 OS/Version: SuSE Other Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: Pemberton.John.M@gmail.com QAContact: qa@suse.de Found By: --- Blocker: --- Created an attachment (id=470804) --> (http://bugzilla.novell.com/attachment.cgi?id=470804) BZIP2'd tar, for ISO(md5sum,isoinfo -d ), all hwinfo, /var/log/* contents. User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:9.0) Gecko/20100101 Firefox/9.0 Downloaded 12.1 GA image. Verified md5sum. Burned DVD with full verify of burned data. Did not use "automatic configuration", but only so I could specify basic things such as host name, etc. Did new install selecting KDE. Neither root nor any standard User can login, either with graphic login or plain text login prompts, after several attempts. Mounted 12.1 drive on working 11.4 system. Discovered all sorts of highly unexpected complaints from PAM in logs, which appeared to lead to rejection of any log in attempts. It's almost as if the default configuration of PAM, as installed, is faulty. I'll be attaching a BZIP2'd tar, with the "md5sum" output for the ".iso", the "isoinfo -d" output for the ".iso", the complete output of "hwinfo", and the complete contents of all levels of the /var/log directory hierarchy from the installed 12.1 system. Reproducible: Always Steps to Reproduce: 1. Install 12.1 as described on identical hardware 2. Try to log in several times for each of root and ordinary User. 3. You can even try using another running system, to remove or alter passwords in /etc/shadow, result is the same. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=740873
https://bugzilla.novell.com/show_bug.cgi?id=740873#c1
--- Comment #1 from John Pemberton
https://bugzilla.novell.com/show_bug.cgi?id=740873
https://bugzilla.novell.com/show_bug.cgi?id=740873#c2
--- Comment #2 from John Pemberton
https://bugzilla.novell.com/show_bug.cgi?id=740873
https://bugzilla.novell.com/show_bug.cgi?id=740873#c
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=740873
https://bugzilla.novell.com/show_bug.cgi?id=740873#c
zj jia
https://bugzilla.novell.com/show_bug.cgi?id=740873
https://bugzilla.novell.com/show_bug.cgi?id=740873#c3
Michael Calmer
https://bugzilla.novell.com/show_bug.cgi?id=740873
https://bugzilla.novell.com/show_bug.cgi?id=740873#c4
John Pemberton
https://bugzilla.novell.com/show_bug.cgi?id=740873
https://bugzilla.novell.com/show_bug.cgi?id=740873#c5
Michael Calmer
https://bugzilla.novell.com/show_bug.cgi?id=740873
https://bugzilla.novell.com/show_bug.cgi?id=740873#c6
John Pemberton
Ok. So I would say, the random data looks like a filesystem or hardware problem. The tools seems to work (also yast simply call pam-config). Maybe simply "bad luck".
re - random data: AFAIK, the system messages are not reporting any disk I/O errors. Also, S.M.A.R.T. appears to have been automatically enabled, and that's not reporting any issues, either. I was under the impression, that the installation procedure did attempt a kexec after the first phase of the installation, before trying to complete the installation. That failed. After several minutes of the machine seemingly just sitting there doing nothing, I was effectively forced to restart the machine, to allow the installation to continue. I trust that prior to, or in the course of the kexec attempt, something does a "sync", or I wouldn't be surprised to find junk data in place of valid data blocks. re - pam_apparmor: OK, so if I understand you correctly, copying the pam config. files from 11.4, caused the inconsistency? I executed this on 12.1: rpm -q --whatprovides /etc/pam.d/common-account-pc then attempted to re-install the package that seems to contains the proper 12.1 default config. files: zypper in -f pam-config-0.79-5.1.2.x86_64 which didn't appear to complain. Yet, app_armor is still there. How can I go about re-installing the default 12.1 pam config. files? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=740873
https://bugzilla.novell.com/show_bug.cgi?id=740873#c7
--- Comment #7 from Michael Calmer
(In reply to comment #5)
re - pam_apparmor: OK, so if I understand you correctly, copying the pam config. files from 11.4, caused the inconsistency?
yes.
I executed this on 12.1:
rpm -q --whatprovides /etc/pam.d/common-account-pc
then attempted to re-install the package that seems to contains the proper 12.1 default config. files:
zypper in -f pam-config-0.79-5.1.2.x86_64
which didn't appear to complain. Yet, app_armor is still there.
How can I go about re-installing the default 12.1 pam config. files?
That's a little bit tricky. The default configuration is in the "pam" package. It package "common-*" files, without the "-pc". If pam-config is installed it called in %post pam-config --debug --initialize or pam-config --debug --update (if /etc/pam.d/common-auth-pc exists) These commands read the common-* files, generate the *-pc files and create links from common-* to common-*-pc So you can find the default config in the pam package. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=740873
https://bugzilla.novell.com/show_bug.cgi?id=740873#c8
--- Comment #8 from John Pemberton
https://bugzilla.novell.com/show_bug.cgi?id=740873
https://bugzilla.novell.com/show_bug.cgi?id=740873#c9
John Pemberton
participants (1)
-
bugzilla_noreply@novell.com