Alain Cochard wrote on Fri, Jul 20 2007 at 11:59 (+0200): > Just a few days ago, I stopped being able to 'su' or 'su some_user' > from a terminal: the passwords are no longer accepted. Same problem > to unlock a session (need to enter the password). > > I can still login OK (as root or any user) from the initial login > screen or when switching user, or from a virtual terminal. > That is what appears in my /var/log/secure file when I try to 'su -' > from a terminal from my account (cochard): > > Jul 19 10:56:49 pcinvit10 su: pam_unix(su-l:auth): authentication > failure; logname=cochard uid=500 euid=500 tty=pts/12 ruser=cochard > rhost= user=root > So I'm stuck here. Thanks in advance for any piece of advice for > investigating further. You may not have noticed, but the problem seems to be that PAM is denying access. Check the file /etc/pam.d/su to see why it may be doing this. My su-file looks like the one attached and is from FC6. You may also want to turn on some 'debug' option flag in the pam modules. However, there is no general debug interface to PAM (unfortunately). Cheers, Andreas. -- http://www.lysium.de/blog
#%PAM-1.0 auth sufficient pam_rootok.so # Uncomment the following line to implicitly trust users in the "wheel" group. #auth sufficient pam_wheel.so trust use_uid # Uncomment the following line to require a user to be in the "wheel" group. #auth required pam_wheel.so use_uid auth include system-auth account sufficient pam_succeed_if.so uid = 0 use_uid quiet account include system-auth password include system-auth session include system-auth session optional pam_xauth.so
Attachment:
pgpbZKqj8HKzW.pgp
Description: PGP signature
