From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1IWEqO-0002Mo-CX for garchives@archives.gentoo.org; Fri, 14 Sep 2007 17:20:40 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.14.0/8.14.0) with SMTP id l8EHBdlQ019220; Fri, 14 Sep 2007 17:11:39 GMT Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.188]) by robin.gentoo.org (8.14.0/8.14.0) with ESMTP id l8EH7HRn014264 for ; Fri, 14 Sep 2007 17:07:17 GMT Received: by nf-out-0910.google.com with SMTP id f5so750878nfh for ; Fri, 14 Sep 2007 10:07:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; bh=PUPJY9tu6soVUy3FQoXcxgWz9x+gdnOJ/G4PtWdObN8=; b=g3KnwkSB4ryAa8inHWBSauaHdO1GOjYipRyNaeom+OdK7B4Kfw8muVlKIbfw5L+tAK1yQNr/ksPlVorTetVFKhcNXEWPCWEHciL2kIq0B4EONVyrxeu1oUFnKsaoa1tMltNNWdFVUdg0mMY381jc5Zo0jZLHGYNgAQOqKkOa1iA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=Y6tyuMypIbZT9l2a+almiWOfsoEwzXpvzjW/1CdZDccz+KCC1eQ1q9hLkH8iQRwqNjzX5fm7WV/oZBPydMEiIh4WNQ129iO2Pm0vVAKfX1svBp6rXMsnHuJM+sH/jt+dwpnCUxYaKzi3jirclhD4mlkR3J/hvW109APvar1qPFc= Received: by 10.78.206.9 with SMTP id d9mr1215630hug.1189789636253; Fri, 14 Sep 2007 10:07:16 -0700 (PDT) Received: by 10.78.83.8 with HTTP; Fri, 14 Sep 2007 10:07:15 -0700 (PDT) Message-ID: <642958cc0709141007l4fc848adp4c8b427d6157d09b@mail.gmail.com> Date: Fri, 14 Sep 2007 13:07:15 -0400 From: "Mark Shields" To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] root can't login on console, but can ssh... In-Reply-To: Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_2332_29428163.1189789636014" References: X-Archives-Salt: 84252d55-9270-4e05-87a2-31d62d35a036 X-Archives-Hash: 1c5b89d55e375b9d88148650142b9fea ------=_Part_2332_29428163.1189789636014 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On 9/13/07, Daevid Vincent wrote: > > I've posted this about two months ago without any replies. I've been > googling and trying things, but still can't get this to work like it used > to. > > I simply want root to be able to login from console (tty[1-6]) or ssh > (pts/[0-9]) without a password. Currently ssh does work fine. It's only > the > physical console that doesn't. > > This WAS working perfectly, then PAM or some other ebuild "broke it" on > me. > > Just for sanity, I even assigned root a password, I now get a "Password" > prompt, but it STILL can't login. (positive I'm typing it right) It says > "Login incorrect". > > -----Original Message----- > From: Daevid Vincent [mailto:daevid@daevid.com] > Sent: Tuesday, July 17, 2007 3:47 PM > To: gentoo-user@lists.gentoo.org > Subject: [gentoo-user] root can't login on console, but can ssh... > > I have a LAMP development VMWare setup so that I can login as root sans > password. > > This was working fine until something recently changed that. > It doesn't even prompt for the password, it just timesout after x > seconds. > > Oddly I can ssh in as root (without the password as expected). > > I have my "daevid" account without password and that logs in fine on the > console and ssh. > > I can circumvent this behaviour by logging in as 'daevid', then 'sudo su > -' (which doesn't prompt for pw either), but I'd like it to work the way > it did. > > Perhaps it was some PAM thing? Or login.defs? Or in pam.d/ ? > > LAMP pam.d # cat login > #%PAM-1.0 > > auth required pam_securetty.so > auth required pam_tally.so file=3D/var/log/faillog onerr=3Dsucc= eed > no_magic_root > auth required pam_shells.so > auth required pam_nologin.so > auth include system-auth > > account required pam_access.so > account include system-auth > account required pam_tally.so deny=3D0 file=3D/var/log/faillog > onerr=3Dsucceed no_magic_root > > password include system-auth > > session required pam_env.so > session optional pam_lastlog.so > session optional pam_motd.so motd=3D/etc/motd > session optional pam_mail.so > > # If you want to enable pam_console, uncomment the following line > # and read carefully README.pam_console in /usr/share/doc/pam* > #session optional pam_console.so > > session include system-auth > > > LAMP ~ # cat /etc/securetty > # /etc/securetty: list of terminals on which root is allowed to login. > # See securetty(5) and login(1). > console > pts/0 > pts/1 > pts/2 > pts/3 > pts/4 > pts/5 > pts/6 > pts/7 > pts/8 > vc/0 > vc/1 > vc/2 > vc/3 > vc/4 > vc/5 > vc/6 > vc/7 > vc/8 > vc/9 > vc/10 > vc/11 > vc/12 > tty0 > tty1 > tty2 > tty3 > tty4 > tty5 > tty6 > tty7 > tty8 > tty9 > tty10 > tty11 > tty12 > tts/0 > ttyS0 > > > =D0=C65=CF=D0 > > > -- > gentoo-user@gentoo.org mailing list > > > -- > gentoo-user@gentoo.org mailing list > > Check out /etc/securetty (man securetty). There should be at least one uncommented entry listing 'tty1' if you want to be able to log in with just the first virtual terminal, or if you want root to be allowed on all virtua= l terminals, add tty1 through tty12. --=20 - Mark Shields ------=_Part_2332_29428163.1189789636014 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On 9/13/07, Daevid Vincent <daevid@daevid.com> wrote:
I've posted this about two months ago without any replies. I've bee= n
googling and trying things, but still can't get this to work like = it used
to.

I simply want root to be able to login from console (= tty[1-6]) or ssh
(pts/[0-9]) without a password. Currently ssh does work fine. It's = only the
physical console that doesn't.

This WAS working perf= ectly, then PAM or some other ebuild "broke it" on me.

Just for sanity, I even assigned root a password, I now get a "Passwor= d"
prompt, but it STILL can't login. (positive I'm typing i= t right) It says
"Login incorrect".

-----Original Messa= ge-----
From: Daevid Vincent [mailto:daevi= d@daevid.com]
Sent: Tuesday, July 17, 2007 3:47 PM
To: gentoo-user@lists.gentoo.org
S= ubject: [gentoo-user] root can't login on console, but can ssh...

I have a LAMP development VMWare setup so that I can login as root = sans
password.

This was working fine until something recently cha= nged that.
It doesn't even prompt for the password, it just timesout= after x
seconds.

Oddly I can ssh in as root (without the password as exp= ected).

I have my "daevid" account without password and th= at logs in fine on the
console and ssh.

I can circumvent this beh= aviour by logging in as 'daevid', then 'sudo su
-' (which doesn't prompt for pw either), but I'd like it to= work the way
it did.

Perhaps it was some PAM thing? Or login.def= s? Or in pam.d/ ?

LAMP pam.d # cat login
#%PAM-1.0

auth&nb= sp;      required     pam_secu= retty.so
auth       required   &nbs= p; pam_tally.so file=3D/var/log/faillog onerr=3Dsucceed
no_magic_rootauth       required     = pam_shells.so
auth       required &nb= sp;   pam_nologin.so
auth       = include      system-auth

account    required     pam_access.= so
account    include     &= nbsp;system-auth
account    required  &nbs= p;  pam_tally.so deny=3D0 file=3D/var/log/faillog
onerr=3Dsucceed n= o_magic_root

password   include    &nb= sp; system-auth

session    required     pam_env= .so
session    optional     pam_= lastlog.so
session    optional   &nbs= p; pam_motd.so motd=3D/etc/motd
session    optional&= nbsp;    pam_mail.so

# If you want to enable pam_cons= ole, uncomment the following line
# and read carefully README.pam_console in /usr/share/doc/pam*
#sess= ion    optional    pam_console.so
session    include     &= nbsp;system-auth


LAMP ~ # cat /etc/securetty
# /etc/securetty= : list of terminals on which root is allowed to login.
# See securetty(5) and login(1).
console
pts/0
pts/1
pts/2<= br>pts/3
pts/4
pts/5
pts/6
pts/7
pts/8
vc/0
vc/1
vc= /2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
vc/12
tty0
tty1
tty2
tty3
tty4
tty5
tty6
t= ty7
tty8
tty9
tty10
tty11
tty12
tts/0
ttyS0

=D0=C65=CF=D0


--
g= entoo-user@gentoo.org mailing list


--
gentoo-user@gentoo.org mailing list


Che= ck out /etc/securetty (man securetty).  There should be at least one u= ncommented entry listing 'tty1' if you want to be able to log in wi= th just the first virtual terminal, or if you want root to be allowed on al= l virtual terminals, add tty1 through tty12.

--
- Mark Shields ------=_Part_2332_29428163.1189789636014-- -- gentoo-user@gentoo.org mailing list