crontab -l “Authentication token is no longer” and id “context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023”

crontab -l
Authentication token is no longer valid; new one required
You (root) are not allowed to access to (crontab) because of pam configuration.
root查看计划任务的时候报错,提示用户 认证授权不再有效。
分析原因:
与pam有关的问题基本都是系统用户权限的问题,从提示来看应该是用户口令过期导致。
经过了解是该机器时间不对,在系统时间为2014的情况下设置了root的密码过期时间,再发现时间有问题的情况下,ntpdate更新了时间就出现了问题。时间整差距2年多。
解决办法:
重新设置root的用户口令即可,对于类似的其他用户也是更新密码即可。
结果发现还是存在一样的问题,每次登陆需要设置密码,crontab也一样的报错
排查过程如下:
查看secure的日志:
Dec 8 09:43:01 sdjy-k10-236 crond[95020]: pam_unix(crond:account): expired password for user root (password aged)
Dec 8 09:44:02 sdjy-k10-236 crond[100843]: pam_unix(crond:account): expired password for user root (password aged)
Dec 8 09:45:01 sdjy-k10-236 crond[107629]: pam_unix(crond:account): expired password for user root (password aged)
Dec 8 09:45:01 sdjy-k10-236 crond[107628]: pam_unix(crond:account): expired password for user root (password aged)
Dec 8 09:45:01 sdjy-k10-236 crond[107627]: pam_unix(crond:account): expired password for user root (password aged)
Dec 8 09:46:01 sdjy-k10-236 crond[115071]: pam_unix(crond:account): expired password for user root (password aged)
Dec 8 09:47:01 sdjy-k10-236 crond[120169]: pam_unix(crond:account): expired password for user root (password aged)
Dec 8 09:47:53 sdjy-k10-236 crontab: pam_unix(crond:account): expired password for user root (password aged)
Dec 8 09:48:01 sdjy-k10-236 crond[125728]: pam_unix(crond:account): expired password for user root (password aged)
Dec 8 09:48:01 sdjy-k10-236 crond[125729]: pam_unix(crond:account): expired password for user root (password aged)
Dec 8 09:48:12 sdjy-k10-236 crontab: pam_unix(crond:account): expired password for user root (password aged)
Dec 8 09:48:29 sdjy-k10-236 passwd: pam_unix(passwd:chauthtok): password changed for root
Dec 8 09:48:29 sdjy-k10-236 passwd: gkr-pam: couldn’t update the ‘login’ keyring password: no old password was entered
Dec 8 09:49:01 sdjy-k10-236 crond[131496]: pam_unix(crond:account): expired password for user root (password aged)
1,查看root的id,发现如下信息
id
uid=0(root) gid=0(root) groups=0(root),492(sfcb)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023这个问题与selinux有关系
2,查看/etc/selinux/config
里面写的disabled
但是使用getenforce查看是enforcing,问题基本清楚了。selinux没有关闭导致的。
3,重启机器让selinux关闭生效,登陆后查看一切正常
此条目发表在Knowledge, Oprating-System分类目录。将固定链接加入收藏夹。

发表评论

电子邮件地址不会被公开。 必填项已用*标注