Date: Tue, 1 Apr 2008 21:40:22 -0500 From: Dan Nelson <dnelson@allantgroup.com> To: Chuck Robey <chuckr@chuckr.org> Cc: FreeBSD-Questions@freebsd.org Subject: Re: some pam problem? Message-ID: <20080402024022.GB29501@dan.emsphone.com> In-Reply-To: <47F2DC8B.1080407@chuckr.org> References: <47F2DC8B.1080407@chuckr.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In the last episode (Apr 01), Chuck Robey said:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I can't figure out what this message below means to me:
>
> Mar 31 17:12:02 april sshd[26150]: in openpam_dispatch(): pam_nologin.so: no pam_sm_authenticate()
>
> I have guessed it meant I had something wrong with my login.access,
> but I wasn't able to find anything that looked odd to me. Anyone
> know what this message above might mean?
Is this an old machine that has been upgraded? From /usr/src/UPDATING:
20070610:
The pam_nologin(8) module ceases to provide an authentication
function and starts providing an account management function.
Consequent changes to /etc/pam.d should be brought in using
mergemaster(8). Third-party files in /usr/local/etc/pam.d may
need manual editing as follows. Locate this line (or similar):
auth required pam_nologin.so no_warn
and change it according to this example:
account required pam_nologin.so no_warn
That is, the first word needs to be changed from "auth" to
"account". The new line can be moved to the account section
within the file for clarity. Not updating pam.conf(5) files
will result in nologin(5) ignored by the respective services.
--
Dan Nelson
dnelson@allantgroup.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080402024022.GB29501>