pam_open_session: System error and sudo: policy plugin failed session initialization with no pass expiry in etc/pam.d/password-auth

Mar*_*ohn 3 rhel pam rhel7

I am struggling with an error in RHEL 7. I have a RHEL image which is accessible only over SSH key without user/password credentials.

To prevent the password renew process after 90 days (which is not possible with SSH key) I added the no_pass_expiry in my etc/pam.d/password-auth

but then I receive the following error when I try to sudo

pam.d]$ sudo su -
sudo: pam_open_session: System error
sudo: policy plugin failed session initialization

This only occurs after the 90 days.

sil*_*exf 7

Your password may have expired. For example... here is sudo with an expired user:

[user@server ~]$ sudo whoami
sudo: pam_open_session: System error
sudo: policy plugin failed session initialization
[user@server ~]$ 

[user@server ~]$ chage -l user
Last password change                    : May 07, 2018
Password expires                    : Aug 05, 2018
Password inactive                   : never
Account expires                     : never
Minimum number of days between password change      : 1
Maximum number of days between password change      : 90
Number of days of warning before password expires   : 10


Now, as shown, after resetting the expiry flags, sudo works as expected:


[root@server]# chage -m 0 -M 99999 -I -1 -E -1 user
[root@server]# chage -l user
Last password change                    : May 07, 2018
Password expires                    : never
Password inactive                   : never
Account expires                     : never
Minimum number of days between password change      : 0
Maximum number of days between password change      : 99999
Number of days of warning before password expires   : 10

[user@server ~]$ sudo whoami
root

You can confirm this by checking /var/log/secure for messages similar to those listed below:

Feb 27 16:59:14 server sudo: pam_unix(sudo:account): expired password for user user (password aged)
Feb 27 16:59:14 server sudo: user : TTY=pts/0 ; PWD=/home/user ; USER=anotheruser ; COMMAND=/usr/bin/whoami
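One way to find affected accounts before sudo starts failing, as an added example that is not part of the original answer: it reads shadow-format lines and applies a simplified version of the aging rule (last change + maximum age compared with today). The function names, the sample entries and the day number 17954 are constructed for illustration; 17658 is May 07, 2018 expressed in days since 1970-01-01, matching the chage output above.

```shell
#!/bin/sh
# Added example: flag accounts whose password aging will block sudo/login.
# shadow(5) fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# All dates are counted in days since 1970-01-01.

# aged_accounts TODAY_DAYS  (shadow-format lines on stdin)
# Prints "name status" for each account that needs attention.
aged_accounts() {
    awk -F: -v today="$1" '
        $1 == "" { next }
        {
            lastchg = $3; max = $5; expire = $8
            # Account expiry date reached (chage -E)
            if (expire != "" && today + 0 >= expire + 0) { print $1, "account-expired"; next }
            # lastchg of 0 forces a password change at next login
            if (lastchg == "0") { print $1, "change-forced"; next }
            # Empty lastchg or max means aging is disabled for this account
            if (lastchg == "" || max == "") { next }
            # Simplified aging rule: more than max days since the last change
            if (today - lastchg > max + 0) { print $1, "password-aged" }
        }'
}

# Constructed sample entries ("!!" is a locked password, as on key-only images).
# "user" mirrors the expired account above, "fixed" the state after
# chage -m 0 -M 99999 -I -1 -E -1.
sample_shadow() {
    cat <<'EOF'
user:!!:17658:1:90:10:::
fixed:!!:17658:0:99999:10:::
newbie:!!:0:0:90:7:::
svc:!!:17658:0:::::
old:!!:17900:0:90:7::17950:
EOF
}

# Demo on the constructed data, with a constructed "today" of day 17954.
sample_shadow | aged_accounts 17954

# On a real host (as root):
#   aged_accounts "$(( $(date +%s) / 86400 ))" < /etc/shadow
```

Accounts reported as password-aged are the ones that would produce the pam_unix "expired password ... (password aged)" message in /var/log/secure.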