[gentoo-user] Authentication Issues

[gentoo-user] Authentication Issues

[Kris Kerwin]

Hi all,

I just performed a new Gentoo install, and am having a couple of issues 
regarding authentication. I think that the problem is something to do with 
PAM/Shadow. (No ... it's not the blocking issue between pam-login and 
shadow).

I run a single user system with just users for myself (username: kris) and 
root. I cannot su into the root account from my personal account. I have 
added kris to the group wheel using the `gpasswd -a kris wheel', but still 
cannot su. I verified that kris is in the wheel group by logging in and 
trying the `groups' command. 

Then, I tried editing `/etc/pam.d/su' and commenting out the line `auth 
required pam_wheel.so use_uid', as the comment above it states that doing so 
will allow users who are not in the wheel group to su. Still, no joy. Other 
comments in that file state that you may give explicit rights to specific 
users by creating the file `/etc/security/suauth.allow' with each allowed 
user on their own line. Still, no joy.

On a (possibly) related note: while trying to switch from a graphical login to 
a virtual console to work on some of these problems, I found that the usual 
Ctrl-Alt-F* incantation did not work. The only way to switch to a virtual 
console was to right click on the desktop and go through the `Switch User' 
menu function on KDE. Further, when switching back to the graphical login 
from the console, I found that the screensaver had come on and had locked the 
desktop (though this was disabled within KDE's configuration). The big 
problem, however, came when I could not unlock the screensaver with my 
password.

Also, kris' attempts to change his passwd are met with the error: 
`Authentication token manipulation error'.

Thanks in advance for all of your help. System information is appended below.

Kris Kerwin



========== System Info ==========

I run `pam-0.78-r3 USE=berkdb' and `shadow-4.0.15-r2 USE=nls pam' on the 
following system: 

Portage 2.1-r1 (!/usr/portage/profiles/default-linux/x86/2006.0, gcc-3.4.6, 
glibc-2.3.6-r4, 2.6.16-suspend2-r8 i686)
=================================================================
System uname: 2.6.16-suspend2-r8 i686 Intel(R) Pentium(R) 4 CPU 3.20GHz
Gentoo Base System version 1.6.15
app-admin/eselect-compiler: [Not Present]
dev-lang/python:     2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium4 -O3 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -mcpu=i686 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache cvs distlocks fixpackages metadata-transfer 
notitles sandbox sfperms strict userpriv"
GENTOO_MIRRORS="http://distfiles.gentoo.org 
http://distro.ibiblio.org/pub/linux/distributions/gentoo"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/tmp/build"
PORTDIR="/usr/target/ports"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 X acpi adns aim alsa apache2 apm arts artswrappersuid asm audiofile 
avi berkdb bitmap-fonts bzip2 cddb cdparanoia cli crypt cups dga divx4linux 
dlloader doc dri dvb dvd dvdr dvdread eds emboss encode esd ethereal f77 
font-server foomaticdb fortran gdbm gif gnome gpm gstreamer gtk gtk2 heimdal 
icq imlib ipv6 isdnlog jabber java javascript jikes joystick jpeg kde 
kerberos koffice-plugin libg++ libwww mad mikmod mime motif mp3 mpeg mplayer 
msn ncurses nls nocd nptl offensive ogg opengl oscar oss pam pcre pda pdflib 
perl png posix pppd python qt qt3 qt4 quicktime readline real reflection sdl 
session smime spell spl sse ssl svg tcpd truetype truetype-fonts type1-fonts 
udev unicode usb videos vorbis wmf xine xinerama xml xmms xorg xscreensaver 
xv yahoo zlib elibc_glibc input_devices_keyboard input_devices_mouse 
input_devices_evdev kernel_linux userland_GNU video_cards_radeon"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, 
LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
-- 
gentoo-user@gentoo.org mailing list

[SOLVED] Re: [gentoo-user] Authentication Issues

[Kris Kerwin]

Problem fixed.

/etc/fstab had the root file system mounted with the users option, which 
disabled the requisite setuid bit on the /bin/su executable, thereby 
preventing me from su'ing to root from a non-root user. This was despite the 
fact that the non-root user was in the wheel group.

Thanks again for your help.

Kris Kerwin

On Wednesday 02 August 2006 01:10, Kris Kerwin wrote:
> Hi all,
>
> I just performed a new Gentoo install, and am having a couple of issues
> regarding authentication. I think that the problem is something to do with
> PAM/Shadow. (No ... it's not the blocking issue between pam-login and
> shadow).
>
> I run a single user system with just users for myself (username: kris) and
> root. I cannot su into the root account from my personal account. I have
> added kris to the group wheel using the `gpasswd -a kris wheel', but still
> cannot su. I verified that kris is in the wheel group by logging in and
> trying the `groups' command.
>
> Then, I tried editing `/etc/pam.d/su' and commenting out the line `auth
> required pam_wheel.so use_uid', as the comment above it states that doing
> so will allow users who are not in the wheel group to su. Still, no joy.
> Other comments in that file state that you may give explicit rights to
> specific users by creating the file `/etc/security/suauth.allow' with each
> allowed user on their own line. Still, no joy.
>
> On a (possibly) related note: while trying to switch from a graphical login
> to a virtual console to work on some of these problems, I found that the
> usual Ctrl-Alt-F* incantation did not work. The only way to switch to a
> virtual console was to right click on the desktop and go through the
> `Switch User' menu function on KDE. Further, when switching back to the
> graphical login from the console, I found that the screensaver had come on
> and had locked the desktop (though this was disabled within KDE's
> configuration). The big problem, however, came when I could not unlock the
> screensaver with my password.
>
> Also, kris' attempts to change his passwd are met with the error:
> `Authentication token manipulation error'.
>
> Thanks in advance for all of your help. System information is appended
> below.
>
> Kris Kerwin
>
>
>
> ========== System Info ==========
>
> I run `pam-0.78-r3 USE=berkdb' and `shadow-4.0.15-r2 USE=nls pam' on the
> following system:
>
> Portage 2.1-r1 (!/usr/portage/profiles/default-linux/x86/2006.0, gcc-3.4.6,
> glibc-2.3.6-r4, 2.6.16-suspend2-r8 i686)
> =================================================================
> System uname: 2.6.16-suspend2-r8 i686 Intel(R) Pentium(R) 4 CPU 3.20GHz
> Gentoo Base System version 1.6.15
> app-admin/eselect-compiler: [Not Present]
> dev-lang/python:     2.4.3-r1
> dev-python/pycrypto: 2.0.1-r5
> dev-util/ccache:     [Not Present]
> dev-util/confcache:  [Not Present]
> sys-apps/sandbox:    1.2.17
> sys-devel/autoconf:  2.13, 2.59-r7
> sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
> sys-devel/binutils:  2.16.1-r3
> sys-devel/gcc-config: 1.3.13-r3
> sys-devel/libtool:   1.5.22
> virtual/os-headers:  2.6.11-r2
> ACCEPT_KEYWORDS="x86"
> AUTOCLEAN="yes"
> CBUILD="i686-pc-linux-gnu"
> CFLAGS="-march=pentium4 -O3 -pipe"
> CHOST="i686-pc-linux-gnu"
> CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
> /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config
> /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
> /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
> /usr/share/texmf/xdvi/" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf
> /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-O2 -mcpu=i686 -pipe"
> DISTDIR="/usr/portage/distfiles"
> FEATURES="autoconfig ccache cvs distlocks fixpackages metadata-transfer
> notitles sandbox sfperms strict userpriv"
> GENTOO_MIRRORS="http://distfiles.gentoo.org
> http://distro.ibiblio.org/pub/linux/distributions/gentoo"
> MAKEOPTS="-j3"
> PKGDIR="/usr/portage/packages"
> PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times
> --compress --force --whole-file --delete --delete-after --stats
> --timeout=180 --exclude='/distfiles' --exclude='/local'
> --exclude='/packages'" PORTAGE_TMPDIR="/tmp/build"
> PORTDIR="/usr/target/ports"
> SYNC="rsync://rsync.gentoo.org/gentoo-portage"
> USE="x86 X acpi adns aim alsa apache2 apm arts artswrappersuid asm
> audiofile avi berkdb bitmap-fonts bzip2 cddb cdparanoia cli crypt cups dga
> divx4linux dlloader doc dri dvb dvd dvdr dvdread eds emboss encode esd
> ethereal f77 font-server foomaticdb fortran gdbm gif gnome gpm gstreamer
> gtk gtk2 heimdal icq imlib ipv6 isdnlog jabber java javascript jikes
> joystick jpeg kde kerberos koffice-plugin libg++ libwww mad mikmod mime
> motif mp3 mpeg mplayer msn ncurses nls nocd nptl offensive ogg opengl oscar
> oss pam pcre pda pdflib perl png posix pppd python qt qt3 qt4 quicktime
> readline real reflection sdl session smime spell spl sse ssl svg tcpd
> truetype truetype-fonts type1-fonts udev unicode usb videos vorbis wmf xine
> xinerama xml xmms xorg xscreensaver xv yahoo zlib elibc_glibc
> input_devices_keyboard input_devices_mouse input_devices_evdev kernel_linux
> userland_GNU video_cards_radeon"
> Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS,
> LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
-- 
gentoo-user@gentoo.org mailing list