=2D----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ok...since PAM is so "nested" here are some comments based on your logs:
1. > Aug 21 14:24:11 server sshd[28655]: Could not reverse map address
> 10.10.10.10
Check if/how you are using TCPWrappers with SSHD=20
2. > Aug 21 14:24:11 server sshd[28655]: PAM unable to resolve symbol:
> pam_sm_acct_mgmt
See:
http://www.opengroup.org/onlinepubs/8329799/pam_sm_acct_mgmt.htm
There should also be something about it under: /usr/share/doc/
Looks like you have a bad module stack order, typo, or bad option set for a=
=20
module in one of your /etc/pam.d/* files.
IIRC PAM with sshd uses /etc/pam.d/login along with /etc/pam.d/sshd to figu=
re=20
out what to do or not do when you log on.
It may take a little experimentation to get this fixed.=20
Make sure you have a root console open so you don't lock yourself out in ca=
se
something doesn't work!
On Thursday 21 August 2003 05:34 pm, Bill Warner wrote:
> Mine is close to the same. I added the:
> account required pam_nologin.so
> because it wasn't there. It didn't seem to help. The only other error
> message I get is in auth.log wich says:
>
> Aug 21 14:24:11 server sshd[28655]: PAM unable to resolve symbol:
> pam_sm_acct_mgmt
> Aug 21 14:24:11 server sshd[28655]: Could not reverse map address
> 10.10.10.10
> Aug 21 14:24:15 server sshd[28655]: PAM rejected by account
> configuration[28]: Module is unknown
> Aug 21 14:24:15 server sshd[28655]: Failed password for user from
> 10.10.10.10 port 57378 ssh2
> Aug 21 14:24:15 server sshd[28655]: fatal: monitor_read: unsupported
> request: 24
>
> if I do passwd user and change his password it then works???? I don't
> get it...
>
> Thanks for the help though
>
> On Thu, 2003-08-21 at 13:50, J.L.Francois wrote:
> > > > What is in your /etc/pam.d/sshd?
> >
> > I have:
> > =3D=3D=3D=3D=3D
> > #%PAM-1.0
> > auth required pam_unix.so
> > auth required pam_nologin.so
> > auth required pam_env.so
> > account required pam_unix.so
> > account required pam_nologin.so
> > password required pam_pwcheck.so nullok md5 remember=3D5
> > password sufficient /lib/security/pam_unix.so nullok use_authtok
> > shadow password required pam_unix.so nullok use_first_pass
> > use_authtok session required pam_unix.so # trace or debug
> > session required pam_limits.so
> > =3D=3D=3D=3D=3D
> >
> > and it works here with SuSE Linux Enterprise Server 8.
> >
> > HTH. HAND.
> >
> > On Thursday 21 August 2003 04:41 pm, Bill Warner wrote:
> > > anyone know why when a password expires with passwd -e <user> or its
> > > time expires I can't change it while logging in with ssh.
> > >
> > > > $ ssh server
> > > > user@server's password:
> > > > Connection to qbb closed by remote host.
> > > > Connection to qbb closed.
> > >
> > > If I log in with telnet it lets me change the password
> >
> > [snipped]
> >
> > - --
> > begin sig.txt
> > Jean L. Francois - Enterprise Linux Architect ( JLF Sends... )
> > Ciber, Inc. @ FSIC - Ford Systems Integration Center
> > "Failure is only postponed success as long as courage
> > 'coaches' ambition. The habit of persistence is the
> > habit of victory."
> > end
> >
> >
=2D --=20
begin sig.txt
Jean L. Francois - Enterprise Linux Architect
http://unix.ford.com/~jfranc46/
Ciber, Inc. @ FSIC - Ford Systems Integration Center
"Failure is only postponed success as long as courage
'coaches' ambition. The habit of persistence is the
habit of victory."
end
=2D----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: No Good Deed Goes Unpunished
iD8DBQE/RhZZgP5boHtr6J8RAliKAJ410a0K0V3bplRPygRWDs+cpp0OtACgtXUW
79QU06ymS/AsvYjaO12S4G4=3D
=3DHovg
=2D----END PGP SIGNATURE-----
(text/plain)