From owner-freebsd-questions@FreeBSD.ORG Wed Apr 2 02:40:24 2008 Return-Path: Delivered-To: FreeBSD-Questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4EF5B1065672 for ; Wed, 2 Apr 2008 02:40:24 +0000 (UTC) (envelope-from dan@dan.emsphone.com) Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101]) by mx1.freebsd.org (Postfix) with ESMTP id 160A78FC19 for ; Wed, 2 Apr 2008 02:40:23 +0000 (UTC) (envelope-from dan@dan.emsphone.com) Received: from dan.emsphone.com (smmsp@localhost [127.0.0.1]) by dan.emsphone.com (8.14.2/8.14.2) with ESMTP id m322eM5v011623 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Tue, 1 Apr 2008 21:40:22 -0500 (CDT) (envelope-from dan@dan.emsphone.com) Received: (from dan@localhost) by dan.emsphone.com (8.14.2/8.14.2/Submit) id m322eM14011622; Tue, 1 Apr 2008 21:40:22 -0500 (CDT) (envelope-from dan) Date: Tue, 1 Apr 2008 21:40:22 -0500 From: Dan Nelson To: Chuck Robey Message-ID: <20080402024022.GB29501@dan.emsphone.com> References: <47F2DC8B.1080407@chuckr.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <47F2DC8B.1080407@chuckr.org> X-OS: FreeBSD 7.0-STABLE User-Agent: Mutt/1.5.17 (2007-11-01) Cc: FreeBSD-Questions@freebsd.org Subject: Re: some pam problem? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Apr 2008 02:40:24 -0000 In the last episode (Apr 01), Chuck Robey said: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I can't figure out what this message below means to me: > > Mar 31 17:12:02 april sshd[26150]: in openpam_dispatch(): pam_nologin.so: no pam_sm_authenticate() > > I have guessed it meant I had something wrong with my login.access, > but I wasn't able to find anything that looked odd to me. Anyone > know what this message above might mean? Is this an old machine that has been upgraded? From /usr/src/UPDATING: 20070610: The pam_nologin(8) module ceases to provide an authentication function and starts providing an account management function. Consequent changes to /etc/pam.d should be brought in using mergemaster(8). Third-party files in /usr/local/etc/pam.d may need manual editing as follows. Locate this line (or similar): auth required pam_nologin.so no_warn and change it according to this example: account required pam_nologin.so no_warn That is, the first word needs to be changed from "auth" to "account". The new line can be moved to the account section within the file for clarity. Not updating pam.conf(5) files will result in nologin(5) ignored by the respective services. -- Dan Nelson dnelson@allantgroup.com