[TAG] PAM auth failure - can't login in.

Radick Radick
Thu Apr 14 13:38:01 MSD 2005 

 

-----Original Message-----
From: Benjamin A. Okopnik [mailto:ben at callahans.org] On Behalf Of Benjamin
To: TAG <tag at lists.linuxgazette.net>
A. Okopnik
Sent: Tuesday, April 12, 2005 5:27 PM
To: Radick, Don (IHG)
Cc: The Answer Gang
Subject: Re: [TAG] PAM auth failure - can't login in.

[ cc'd back to TAG ]

Hi, Don -

Please reply to the list instead of just me; thanks.

On Tue, Apr 12, 2005 at 02:43:15PM -0400, Radick, Don (IHG) wrote:
> 
> Thanks Ben -
> 
> I'd scanned that article when it first came out, and thanked my lucky 
> stars that I didn't have those problems!
> (until now)
> 
> I'll give you feedback on what works.
> Hopefully it won't take me 10 days.

[ snip of previous email ]

Good luck! Oh, and check out the "Asking Questions of The Answer Gang"
FAQ, at <http://linuxgazette.net/tag/ask-the-gang.html>; there's a lot of
helpful info there, including [cough] a request to avoid top-posting.
:) We're always glad to help people with their Linux problems, but the
emphasis is on "people" - these conversations are published in LG so they
may help more than just the person asking the question - and it gets to be
rather painful for the people doing the formatting if standard email
etiquette isn't followed.


* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://linuxgazette.net *


Sorry, my original got munched in the reply - 

To recap, something happened to my hard drive, I did a graceful shutdown,
and on reboot could login as root, but not as my user account.  Further
attempts got "startx" to emit a "PAM authentication failure", but no real
messages that might help in various log files.

So far: 
	tried Ben's "strace" tip - got a 67MB file for user attempt at
login, and a 20MB file for successful root login.  Closer inspect showed a
ton of repeated lines for SNDCTRL ioctl. weird.

Anyways, that got no diagnostics, when filtered down from the noise.
Looked at various lib files permissions - no progress.
"rpm -Va" gave a bunch of information, but nothing conclusive for
critical system and login files.
Ditto for searching for SUID files.

Suspected hack, so played with "chkrootkit", and chkproc shows 18 procesess
hidden from readdir and ps.
Is this a problem?


-THX
-Don

More information about the TAG mailing list