On Tue, May 18, 2021 at 7:39 AM <jabeard24@gmail.com> wrote:
Hello.
I'm having the same issue with cockpit on the nodes. I'm unable to login as root or local user. I went from 4.4.5 to 4.4.6. It worked fine before the upgrade. I know the password is correct because I can log into the node via console and ssh. On one of the nodes I created a local account and have the same issue. The admin account works fine on the hosted engine VM.


I have not 4.4.6 yet, but could it be a change in /etc/pam.d/cockpit file?

On my 4.4.5 CentOS 8.3 based host, where I can connect as root in cockpit host console, I currently have this:

#%PAM-1.0
# this MUST be first in the "auth" stack as it sets PAM_USER
# user_unknown is definitive, so die instead of ignore to avoid subsequent modules mess up the error code
-auth      [success=done new_authtok_reqd=done user_unknown=die default=ignore]   pam_cockpit_cert.so
auth       required     pam_sepermit.so
auth       substack     password-auth
auth       include      postlogin
auth       optional     pam_ssh_add.so
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke
session    optional     pam_ssh_add.so
session    include      password-auth
session    include      postlogin

Gianluca