• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Linux:Cant' login to X using graphical login

C

CRH

Junior Member
I've run into a problem. I can't boot into X using Mandrake 8.2's
graphical login applet - not as root, not as user. I get the error "Login failure"
every time.

I can, though, login from command line (startx, kde3, etc), so for now my
default boot mode is to command line (run level 3).

I'm not sure what may have caused this but it did happen after I rebooted,
having just run InteractiveBastille. Coincidence?

Here is what I find in /var/log/messages - same in /var/log/auth.log

Below are the most recent.

Jul 14 20:11:15 localhost login(pam_unix)[9746]: authentication failure;
logname= uid=0 euid=0 tty=vc/1 ruser= rhost= user=root

Jul 14 20:11:17 localhost login[9746]:
FAILED LOGIN 1 FROM (null) FOR root, Authentication failure


:|
 
I'm sure that the Bastille script tightened up the PAM rules on the machine. Probably, it changed the default ("other") behavior from pam_unix (regular password authentication) to pam_deny (blanket refusal). So now the graphical login (which is different to PAM than the CLI one) is being denied because it's not specifically allowed in your configuration. What you'll need to do is create a config file specifically for the graphical login program. To do that, you'll need to know what service name PAM is seeing the graphical login as, and then create a file or entry in the configuration files. Unfortunately, I don't remember just how to find out the proper service name that PAM is expecting. But I'm sure if you search on the Linux PAM docs, you can find out. That should provide you with example configurations as well, though you can probably figure those out by looking at the current config.
 
Probably, it changed the default ("other") behavior from pam_unix (regular password authentication) to pam_deny (blanket refusal).
Click to expand...

That makes sense. I've been looking into it but I haven't found what I'm looking for yet. Concerning Bastille - how do I back out of it completely? Is there a way to undo everything it did and then just start over with it?
 
I think it's a problem with /etc/pam.d/xdm

Here is my xdm file:

#%PAM-1.0
auth required /lib/security/pam_pwdb.so shadow nullok
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_pwdb.so shadow nullok use_authtok
session required /lib/security/pam_pwdb.so
session optional /lib/security/pam_console.so

Any ideas?
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top