A session module is used after a user has been authenticated and performs additional tasks which are needed to allow access, for example, mounting the user's home directory or making their mailbox available.
If your /etc/pam.d/login is indeed the problem I suggest you restore a backup.
Below is the content of a default OL 6.3 installation, which works:
[root@vm023 pam.d]# cat login
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include system-auth
-session optional pam_ck_connector.so
I have no idea what -session in front of the pam_ck_connector.so is supposed to do, which seems apparent in all 6.x installations, but it does not stop users from logging in.
The following are messages in /var/log/secure. Again, if I commented out the line before the last one in /etc/pam.d/login, then everything is fine. The /etc/security/limits.conf file is the same as on the other system, and that system is alright:
Feb 6 16:35:43 sysxyz login: pam_limits(login:session): cannot read settings from /etc/security/limits.conf: Permission denied
Feb 6 16:35:43 sysxyz login: pam_limits(login:session): error parsing the configuration file: '/etc/security/limits.conf'
Feb 6 16:35:43 sysxyz login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Feb 6 16:35:44 sysxyz login: Error in service module
Feb 6 16:35:49 sysxyz login: pam_limits(login:session): cannot read settings from /etc/security/limits.conf: Permission denied
Feb 6 16:35:49 sysxyz login: pam_limits(login:session): error parsing the configuration file: '/etc/security/limits.conf'
Feb 6 16:35:49 sysxyz login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Feb 6 16:35:49 sysxyz login: Error in service module
The following are the outputs. Thank you very much for your time.
[root@sysxyz ~]# id
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[root@sysxyz ~]# ls -l /etc/security/limits.conf
-rw-r--r--. 1 root root 2623 Jun 8 2011 /etc/security/limits.conf
[root@sysxyz ~]# ls -ld /etc
drwxr-xr-x. 124 root root 12288 Feb 9 16:44 /etc
[root@sysxyz ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 26
Policy from config file: targeted
The issue is fixed by using your first suggested command. What does 'restorecon..' do? This command did not change anything in the limits.conf file, but I got the following output. What changes were made as the result of running this command? Thank you so much for your help!
# restorecon -v './limits.conf'
restorecon reset /etc/security/limits.conf context unconfined_u:object_r:user_tmp_t:s0->unconfined_u:object_r:etc_t:s0
Edited by: 943714 on Feb 10, 2013 10:42 AM
Root lvm is the same, we did not make changes to it. I don't know much about SELinux. Would you please explain to me what went wrong here with SELinux, and what changes restorecon made to fix the issue? We made some changes to limits.conf; did these changes cause the problem? But no changes were made after running 'restorecon'. The following are the changes we made to limits.conf:
# diff limits.conf limits.conf.orig
< oracle soft nofile 131072
oracle soft nofile 102449c49
< oracle hard nofile 131072
oracle hard nofile 6553662,67d61
< oracle hard memlock 50000000
< oracle soft core unlimited
< oracle hard core unlimited
< oracle hard nproc 131072
< oracle soft nproc 131072
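Review bot: this diff compares file contents only, so it cannot show the one attribute that restorecon reported changing on /etc/security/limits.conf, the SELinux type (user_tmp_t to etc_t). To see whether the edited copy and limits.conf.orig carried different labels, compare them with `ls -Z limits.conf limits.conf.orig` alongside the content diff.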
If you have time, please let me know; otherwise, this issue is resolved and thank you very much for your time.
Edited by: 943714 on Feb 11, 2013 4:11 AM
Edited by: 943714 on Feb 11, 2013 6:51 AM
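The evidence posted in this thread, correlated in one place, as an added example that is not part of any post: the script pairs each pam_limits "Permission denied" line with the `ls -l` mode bits and the `restorecon -v` output to show that the file's SELinux type, not its contents or Unix permissions, was what changed. The function names are made up for illustration, and the sample data is constructed from the lines quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed from
# the log, ls and restorecon lines quoted in the posts above.
SECURE_LOG='Feb 6 16:35:43 sysxyz login: pam_limits(login:session): cannot read settings from /etc/security/limits.conf: Permission denied
Feb 6 16:35:43 sysxyz login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Feb 6 16:35:49 sysxyz login: pam_limits(login:session): cannot read settings from /etc/security/limits.conf: Permission denied'
LS_LINE='-rw-r--r--. 1 root root 2623 Jun 8 2011 /etc/security/limits.conf'
RESTORECON_OUT='restorecon reset /etc/security/limits.conf context unconfined_u:object_r:user_tmp_t:s0->unconfined_u:object_r:etc_t:s0'

# Files that pam_limits reported as unreadable, de-duplicated.
denied_files() {
    printf '%s\n' "$1" |
        sed -n 's/.*pam_limits([^)]*): cannot read settings from \(.*\): Permission denied$/\1/p' |
        sort -u
}

# True if the `ls -l` mode string ($1) grants read to "other", i.e. the
# classic permission bits cannot be what produced "Permission denied".
dac_allows_read() {
    case "$1" in
        ???????r*) return 0 ;;
        *) return 1 ;;
    esac
}

# "old_type new_type" for path $2, taken from `restorecon -v` output in $1.
relabel_types() {
    printf '%s\n' "$1" | awk -v p="$2" '
        $1 == "restorecon" && $2 == "reset" && $3 == p && $4 == "context" {
            split($5, ctx, "->"); split(ctx[1], o, ":"); split(ctx[2], n, ":")
            print o[3], n[3]   # field 3 of user:role:type:level is the type
        }'
}

# One verdict per denied file.
explain() {   # $1 = log text, $2 = ls -l line, $3 = restorecon -v output
    denied_files "$1" | while IFS= read -r f; do
        types=$(relabel_types "$3" "$f")
        if dac_allows_read "$2" && [ -n "$types" ]; then
            echo "$f: mode bits allow read; SELinux type was ${types% *}, policy default is ${types#* }"
        elif [ -n "$types" ]; then
            echo "$f: relabelled ${types% *} -> ${types#* }; also check mode bits"
        else
            echo "$f: no relabel recorded; compare 'ls -Z' with 'matchpathcon'"
        fi
    done
}

explain "$SECURE_LOG" "$LS_LINE" "$RESTORECON_OUT"
```

The trailing `.` in the `ls -l` mode string marks a file that carries an SELinux context, and `ls -Z` prints that context directly.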