groupadd: PAM authentication failed

Vincent Blondel vincent at xtra-net.org
Mon Dec 27 06:51:10 PST 2004


Hello All,

I get next error message when I use groupadd :

"groupadd: PAM authentication failed".

I followed blfs book by compiling :

- cracklib-2.7 (excatly as explained in the book)
- Linux-PAM-0.78 (same as the book)
- shadow (but I upgraded to the version of linux unstable book). This is
the way I compiled it :

#!/bin/sh

SHADOW="shadow-4.0.6"

rm -rf $SHADOW
bzcat $SHADOW.tar.bz2 | tar xvf -
cd $SHADOW

LIBS="-lpam -lpam_misc" ./configure --libdir=/lib --enable-shared
--with-libpam --without-libcrack &&

echo '#define HAVE_SETLOCALE 1' >> config.h
sed -i '/extern char/d' libmisc/xmalloc.c

make
make install

cp etc/{limits,login.access} /etc
sed -e 's%#MD5_CRYPT_ENAB.no%MD5_CRYPT_ENAB yes%' \
    -e 's%/var/spool/mail%/var/mail%' < etc/login.defs.linux >
/etc/login.defs

mv /usr/bin/passwd /bin
mv /lib/libshadow.a* /usr/lib
rm -f /lib/libshadow.so

ln -sf ../../lib/libshadow.so.0 /usr/lib/libshadow.so
ln -sf ../../lib/libmisc.so.0 /usr/lib/libmisc.so

[ ! -d /etc/default ] && mkdir -p /etc/default

[ -f /bin/groups ] && rm /bin/groups

cat > /etc/pam.d/login << "EOF"
# Begin /etc/pam.d/login

auth        requisite      pam_securetty.so
auth        requisite      pam_nologin.so
auth        required       pam_env.so
auth        required       pam_unix.so
account     required       pam_access.so
account     required       pam_unix.so
session     required       pam_motd.so
session     required       pam_limits.so
session     optional       pam_mail.so     dir=/var/mail standard
session     optional       pam_lastlog.so
session     required       pam_unix.so

# End /etc/pam.d/login
EOF

cat > /etc/pam.d/passwd << "EOF"
# Begin /etc/pam.d/passwd

password    required       pam_cracklib.so  \
       retry=3 difok=8 minlen=5 dcredit=3 ocredit=3 ucredit=2 lcredit=2
password    required       pam_unix.so  md5  shadow  use_authok

# End /etc/pam.d/passwd
EOF

cat > /etc/pam.d/shadow << "EOF"
# Begin /etc/pam.d/shadow

auth        sufficient      pam_rootok.so
auth        required        pam_unix.so
account     required        pam_unix.so
session     required        pam_unix.so
password    required        pam_permit.so

# End /etc/pam.d/shadow
EOF

cat > /etc/pam.d/su << "EOF"
# Begin /etc/pam.d/su

auth        sufficient      pam_rootok.so
auth        required        pam_unix.so
account     required        pam_unix.so
session     required        pam_unix.so

# End /etc/pam.d/su
EOF

cat > /etc/pam.d/useradd << "EOF"
# Begin /etc/pam.d/useradd

auth        sufficient      pam_rootok.so
auth        required        pam_unix.so
account     required        pam_unix.so
session     required        pam_unix.so
password    required        pam_permit.so

# End /etc/pam.d/useradd
EOF

cat > /etc/pam.d/chage << "EOF"
# Begin /etc/pam.d/chage

auth        sufficient      pam_rootok.so
auth        required        pam_unix.so
account     required        pam_unix.so
session     required        pam_unix.so
password    required        pam_permit.so

# End /etc/pam.d/chage
EOF

cat > /etc/pam.d/other << "EOF"
# Begin /etc/pam.d/other

auth        required        pam_deny.so
auth        required        pam_warn.so
account     required        pam_deny.so
session     required        pam_deny.so
password    required        pam_deny.so
password    required        pam_warn.so

# End /etc/pam.d/other
EOF

for opt in LASTLOG_ENAB MAIL_CHECK_ENAB PORTTIME_CHECKS_ENAB CONSOLE
MOTD_FILE NOLOGINS_FILE PASS_MIN_LEN SU_WHEEL_ONLY MD5_CRYPT_ENAB
CONSOLE_GROUPS ENVIRON_FILE OBSCURE_CHECKS_ENAB CRACKLIB_DICTPATH
PASS_CHANGE_TRIES PASS_ALWAYS_WARN
do
sed -i "s/$opt/#$opt/" /etc/login.defs
done

As you can see it, this is a mixed version of the one from blfs and
lfs-unstable.  You can also see I didn't patch shadow source code due I
didn't find any patch for PAM, so I suppose this one is no more needed ???

Could you help me please ...

Regards
Vincent




More information about the blfs-support mailing list