Justin W wrote:
I've just started the process of virtualizing some of my servers into
one machine. Right now I've been running Fedora releases for my home
server, but keeping up with release cycles are too hard to do,
especially when they usually coincide with me being in school. I
successfully got Centos to run within Fedora using Xen, but now I'm
having problems with logging in.
First, root access is allowed directly when I use virt-manager to
access the xvc0 console. If I `su -' to my user (justin) and then `su
-' again to root, I am prompted for the password, and once entered,
I'm root again.
If I try the same technique when logging into the system as justin
through ssh, I'm not allowed to `su -' to root. When I enter the
password, I am returned with a "incorrect password" message. I know
that the password being entered is correct. Following is the only logs
I could find regarding my failed attempt to su to root (from
/var/log/secure and /var/log/audit/audit.log)
May 31 15:04:24 zeus su: pam_unix(su-l:auth): authentication
failure; logname=justin uid=1000 euid=0 tty=pts/0 ruser=justin
rhost= user=root
type=USER_AUTH msg=audit(1180641866.633:212): user pid=2570 uid=1000
auid=1000 subj=user_u:system_r:unconfined_t:s0 msg='PAM:
authentication acct=root : exe="/bin/su" (hostname=?, addr=?,
terminal=pts/0 res=failed)'
I started digging through PAM to see if I could find anything there
that would be blocking me. I've compared
/etc/pam.d/{su,su-l,system-auth} on my Centos system to my Fedora 6
system and they match each other. I also tried adding pts/0 to
/etc/securetty (though I didn't think it would help), and still I got
nothing.
I've been thinking that I must be restricted in someway based on which
terminal I'm logging into, but I can't find any restrictions. If you
need any more information, I'll be happy to provide logs or
configuration files (I just don't know what is needed).
Thanks
Justin W
I solved my problem. I started changing my root password to see if I
could notice any particular logs coming up that would indicate a failure
anywhere. Lo-and-behold, I was able to log in from my user in SSH! I
could not see why I would be able to log in with one password and not
the other, so I started doing password resetting tests to see if I could
possibly find a bug somewhere (I doubted it, but I was curious anyway).
As I was changing root's password for another test, I accidentally
didn't run passwd before entering the password and I then noticed that
the square brackets ('[' and ']') aren't being read by the virt-manager
terminal. My problem had been solved! My password involved one of the
square brackets (in my mind), but the terminal had never seen them when
I entered the password, so to it, the characters never existed.
'su -'-ing to my user and then back up to root again worked in the
virt-manager terminal because the square brackets were never entered as
far as 'su' was concerned, so it matched the stored password. PuTTY on
the other hand does send the square brackets across the line, so
(unknowingly) "invalid" characters were being put in to my password.
Justin W
