Authenticate using pam_unix.so:
This authentication mechanism uses the
/etc/passwd files to authenticate the users. The default PAM configuration file on a Red Hat Enterprise Linux (RHEL) system for nails looks like the following.
#%PAM-1.0
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
- The first line signifies that the nails service will try to use the system-auth PAM configuration for its authentication purpose.
- The second line suggests checking the /etc/nologin file if it exists.
In this scenario, it is possible for the system-auth PAM configuration to use a module that is not compatible with VSEL. To authenticate the VSEL user (nails) with the /etc/passwd files, modify the
/etc/pam.d/nails file to resemble the following example:
NOTE: The order of lines is important. A reboot is not required after you modify this file.
#%PAM-1.0
auth sufficient pam_unix.so nullok try_first_pass
auth required pam_nologin.so
Authenticate using pam_nam.so
In SUSE Linux Enterprise Server Open Enterprise Server (SLES OES) systems, where NSS volumes need to be scanned, the VSEL user and group are created in eDirectory rather than the
/etc/passwd files. In such cases, it is required that the PAM configuration file is configured accordingly. If the system PAM authentication for the SLES server is not configured to authenticate using pam_nam.so, VSEL does not work properly. In this case, configure the
/etc/pam.d/nails file like the following example to resolve the issue.
#%PAM-1.0
auth sufficient pam_nam.so use_first_pass
auth required pam_nologin.so
Also, confirm that the following lines in /
etc/nsswitch.conf have the word
nam specified as shown below.
passwd: compat
nam
group: compat
nam
It is also helpful to run
namconfig cache_refresh as root to clear any stale cache entries that might prevent successful authentication.
