Skip to main content

Error with authentication (PAM)

pauloz1890
My cron jobs have stopped working on my CentOS 7 server. The server is running WHM/cPanel. It seems like it is an issue with PAM service because in /var/log/secure I can see the following errors when the cron jobs try to run: Jun 24 10:45:01 server1 crond[22400]: pam_access(crond:account): auth could not identify password for [root] Jun 24 10:45:01 server1 crond[22404]: pam_access(crond:account): auth could not identify password for [admin] Jun 24 10:45:01 server1 crond[22400]: pam_localuser(crond:account): auth could not identify password for [root] Jun 24 10:45:01 server1 crond[22402]: pam_access(crond:account): auth could not identify password for [root] Jun 24 10:45:01 server1 crond[22405]: pam_access(crond:account): auth could not identify password for [admin] Jun 24 10:45:01 server1 crond[22400]: pam_localuser(crond:account): auth could not identify password for [root] Similarly /var/log/cron.log is showing that PAM is failing: Jun 24 12:40:01 server1 crond[26129]: (admin) PAM ERROR (Authentication information cannot be recovered) Jun 24 12:40:01 server1 crond[26129]: (admin) FAILED to authorize user with PAM (Authentication information cannot be recovered) Jun 24 12:40:01 server1 crond[26130]: (admin) PAM ERROR (Authentication information cannot be recovered) Jun 24 12:40:01 server1 crond[26130]: (admin) FAILED to authorize user with PAM (Authentication information cannot be recovered) Jun 24 12:40:01 server1 crond[26125]: (root) PAM ERROR (Authentication information cannot be recovered) Jun 24 12:40:01 server1 crond[26125]: (root) FAILED to authorize user with PAM (Authentication information cannot be recovered) Jun 24 12:40:01 server1 crond[26127]: (root) PAM ERROR (Authentication information cannot be recovered) Jun 24 12:40:01 server1 crond[26127]: (root) FAILED to authorize user with PAM (Authentication information cannot be recovered) Jun 24 12:40:01 server1 crond[26131]: (admin) PAM ERROR (Authentication information cannot be recovered) Jun 24 12:40:01 server1 crond[26131]: (admin) FAILED to authorize user with PAM (Authentication information cannot be recovered) Please help as I'm not sure what else to do to fix this problem. It's worth noting that the system auto-rebooted on June 21 when this issue began. I would really appreciate some help with this issue - thanks in advance!

Comments

2 comments

Date Votes
  • DarkenSraven
    Hi everyone! I'm having a weird issue on few of my customer servers and I still couldn't figure out why. The problem is, I can login to these CentOS 7 (vmware) servers from SSH from root user with no problem but when I execute a command that requires sudo permissions I keep getting this weird password prompt: [root@server ~]# sudo ifconfig [sudo] password for %p: Since I am logged in as root user this shouldn't be happening. But thats not even it! When I input the right password it keeps asking me around 6 more times. [root@server ~]# sudo ifconfig [sudo] password for %p: [sudo] password for %p: [sudo] password for %p: ens160: flags=4163 mtu 1500 *ifconfig opens* But when I execute anything without sudo it opens with no problems. [root@server ~]# ifconfig ens160: flags=4163 mtu 1500 *ifconfig opens* The weirdest part is that %p thing. I don't know why it is %p and not just root. This server is a cPanel hosting server and we are running bunch of crons at the background. Since we can't execute anything using sudo, Some crons stopped working as well. We need urgent help with this please. When I execute journalctl -xe Im seeing these weird lines: Jun 26 07:09:02 server.example.com crond[27267]: pam_access(crond:account): auth could not identify password for [root] Jun 26 07:09:02 server.example.com crond[27267]: pam_localuser(crond:account): auth could not identify password for [root] Jun 26 07:09:02 server.example.com crond[27267]: pam_succeed_if(crond:account): unrecognized option [uid] Jun 26 07:09:02 server.example.com crond[27267]: pam_succeed_if(crond:account): unrecognized option [<] Jun 26 07:09:02 server.example.com crond[27267]: pam_succeed_if(crond:account): unrecognized option [1000] Jun 26 07:09:02 server.example.com crond[27267]: pam_succeed_if(crond:account): unrecognized option [quiet] Jun 26 07:09:02 server.example.com crond[27267]: pam_succeed_if(crond:account): auth could not identify password for [root] Jun 26 07:09:02 server.example.com crond[27267]: (root) PAM ERROR (Authentication information cannot be recovered) Jun 26 07:09:02 server.example.com crond[27267]: (root) FAILED to authorize user with PAM (Authentication information cannot be recovered)
    I also see these some times: Jun 26 07:06:22 server.example.com sudo[27105]: pam_succeed_if(sudo:session): conversation failed Jun 26 07:06:22 server.example.com sudo[27105]: pam_succeed_if(sudo:session): auth could not identify password for [root] Jun 26 07:06:22 server.example.com sudo[27105]: pam_unix(sudo:session): session closed for user root
    Weird right? I tried changing the root user password, rebooting, updating with yum -y update nothing worked. Please help me ASAP. I have 6 servers like this and Im pretty sure I wasn't hacked.
    0
  • cPanelMichael
    Hello Everyone, The errors reported in this thread are often an indicator of a compromised (hacked) system. I recommend submitting a
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post