12:08 p.m.
I swapped out the /etc/authselect login and system files and It seems to be
that the
updated node 4.6 pam stack is calling /usr/sbin/chkpwd and that fails for
all cockpit users, root and otherwise.
for root
May 18 13:03:02 br014 unix_chkpwd[14186]: check pass; user unknown
May 18 13:03:02 br014 unix_chkpwd[14187]: check pass; user unknown
May 18 13:03:02 br014 unix_chkpwd[14187]: password check failed for user
(root)
for local user account >1000 UID
May 18 13:03:28 br014 unix_chkpwd[14309]: could not obtain user info
(e######)
On Tue, May 18, 2021 at 12:02 PM Edward Berger <edwberger(a)gmail.com> wrote:
/etc/pam.d/cockpit under node 4.4.6 is the same as you posted.
Something else changed.
#%PAM-1.0
# this MUST be first in the "auth" stack as it sets PAM_USER
# user_unknown is definitive, so die instead of ignore to avoid subsequent
modules mess up the error code
-auth [success=done new_authtok_reqd=done user_unknown=die
default=ignore] pam_cockpit_cert.so
auth required pam_sepermit.so
auth substack password-auth
auth include postlogin
auth optional pam_ssh_add.so
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed
in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session optional pam_ssh_add.so
session include password-auth
session include postlogin
On Tue, May 18, 2021 at 11:50 AM Gianluca Cecchi <
gianluca.cecchi(a)gmail.com> wrote:
> On Tue, May 18, 2021 at 4:50 PM Glenn Farmer <glenn.farmer(a)netfortris.com>
> wrote:
>
>> The current thread is about 4.4.6 - nice that you can login to your
>> 4.4.5.
>>
>
> The subject of the thread says it all... ;-)
> My point was to ask if you see differences in /etc/pam.d/cockpit in your
> 4.4.6, in respect with the version I pasted for my 4.4.5 or if they are the
> same.
> I cannot compare as I have not yet 4.4.6 installed
>
>
>> I changed the admin password on the engine - still cannot access the
>> Cockpit GUI on any of my hosts.
>>
>
> The cockpit gui for the host is accessed through users defined on the
> hosts, not on engine side. It is not related to the admin engine web admi
> gui...
> I think you can configure a normal user on your hypervisor host and see
> if you can use it to connect to the cockpit gui or if you receive error.
> Do you need any particular functionality to use the root user?
>
> HIH,
> Gianluca
>
> _______________________________________________
> Users mailing list -- users(a)ovirt.org
> To unsubscribe send an email to users-leave(a)ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
>
https://lists.ovirt.org/archives/list/users@ovirt.org/message/VSM4BLBD36M...
>