Re: [xcat-user] It used to work..

[Viviano, B. <Viv...@ep...>]

Tom,

    This is a shot in the dark, but we've experienced this on our cluster when root's password has expired.  Our security policies require us to change the root password on the xCAT manager every 90 days and if it gets forgotten or missed bad things can happen.

    With the root password expired, cron and other programs that authenticate through PAM won't work correctly and give a less then useful messages.  On most Linux systems you can use the passwd command to determine if you have expire site on root's password:


# passwd -S root
root PS 2015-01-14 0 90 10 14 (Password set, SHA512 crypt.)


The above says root's password was set on 1/14/2015 and is good for 90 days with a warn time of 10 days and an expire after 14 days.  Straight out of /etc/shadow.


    -Brad Viviano


===================================================
Brad Viviano
High Performance Computing & Scientific Visualization
Lockheed Martin IS&GS - Civil, Supporting the EPA
Research Triangle Park, NC
919-541-2696
________________________________
From: Tom Huegel <teh...@gm...>
Sent: Wednesday, January 14, 2015 3:26 PM
To: xCAT Users Mailing list
Subject: [xcat-user] It used to work..

xCAT used to work 'fine' I haven't used it for a couple months and it quit working.

This is the message from ZHCP:
20:01:01 crond: (root) FAILED to authorize user with PAM (Authentication
    service cannot retrieve authentication info)


It looks like a security error, ???

Any tips?