[OpenAFS] Ticket cache file permission incorrect of Openafs Client in Scientific Linux 6

huangql huangql@ihep.ac.cn
Fri, 2 Aug 2019 12:49:10 +0800


This is a multi-part message in MIME format.

------=_001_NextPart227874422567_=----
Content-Type: text/plain;
	charset="ISO-8859-1"
Content-Transfer-Encoding: base64

SGkgQmVuLA0KDQpJIGdvdCBpdC4gVGhhbmtzIGZvciB5b3VyIGdvb2Qgc3VnZ2VzdGlvbi4NCg0K
UmVnYXJkcywNClFpdWxhbg0KDQoNCg0KaHVhbmdxbA0KPT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0NCkNvbXB1dGluZyBj
ZW50ZXIsdGhlIEluc3RpdHV0ZSBvZiBIaWdoIEVuZXJneSBQaHlzaWNzLCBDQVMsIENoaW5hDQpR
aXVsYW4gSHVhbmcgICAgICAgICAgICAgICAgICAgICAgIFRlbDogKCs4NikgMTAgODgyMyA2MDg3
DQpQLk8uIEJveCA5MTgtNyAgICAgICAgICAgICAgICAgICAgICAgRmF4OiAoKzg2KSAxMCA4ODIz
IDY4MzkNCkJlaWppbmcgMTAwMDQ5ICBQLlIuIENoaW5hICAgICAgICAgICBFbWFpbDogaHVhbmdx
bEBpaGVwLmFjLmNuDQo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09DQogDQpGcm9tOiBCZW5qYW1pbiBLYWR1aw0KRGF0ZTog
MjAxOS0wOC0wMSAwMzo1Ng0KVG86IGh1YW5ncWwNCkNDOiBvcGVuYWZzLWluZm8NClN1YmplY3Q6
IFJlOiBbT3BlbkFGU10gVGlja2V0IGNhY2hlIGZpbGUgcGVybWlzc2lvbiBpbmNvcnJlY3Qgb2Yg
T3BlbmFmcyBDbGllbnQgaW4gU2NpZW50aWZpYyBMaW51eCA2DQpPbiBNb24sIEp1bCAyOSwgMjAx
OSBhdCAxMjo0NzozNVBNICswODAwLCBodWFuZ3FsIHdyb3RlOg0KPiBEZWFyIGFsbCwNCj4gDQo+
IEknbSBzdHVjayB3aXRoIHRoZSB0aWNrZXQgY2FjaGUgZmlsZSBwZXJtaXNzaW9uIGluY29ycmVj
dCAgYWZ0ZXIgdXNlcnMgbG9naW4gZmFybSB3aXRoIFBhbSBtb2R1bGUuICBJbiB0aGlzIGNhc2Us
IHVzZXJzIGZhaWxlZCB0byBydW4gImtwYXNzd2QiLCAia2xpc3QiIGNvbW1hbmQgd2l0aCB0aGUg
Zm9sbG93aW5nIGVycm9yLg0KPiANCj4ga3Bhc3N3ZDogQ3JlZGVudGlhbHMgY2FjaGUgcGVybWlz
c2lvbnMgaW5jb3JyZWN0IGdldHRpbmcgcHJpbmNpcGFsIGZyb20gY2NhY2hlDQogDQpUaGF0IHNv
dW5kcyBsaWtlIGFuIGlzc3VlIGF0IHRoZSBLZXJiZXJvcyBvciBQQU0gKGNvbmZpZ3VyYXRpb24p
IGxheWVyOw0KYXNraW5nIG9uIGtlcmJlcm9zQG1pdC5lZHUgbWlnaHQgYmUgbW9yZSBsaWtlbHkg
dG8gcmVhY2ggdGhlIHJpZ2h0IHBlb3BsZS4NCiANCi1CZW4NCiANCj4ga2xpc3Q6IENyZWRlbnRp
YWxzIGNhY2hlIHBlcm1pc3Npb25zIGluY29ycmVjdCB3aGlsZSBzZXR0aW5nIGNhY2hlIGZsYWdz
ICh0aWNrZXQgY2FjaGUgRklMRTovdG1wL2tyYjVjY182MDAzN18xQmRUMG0pDQo+IA0KPiANCj4g
SSBmb3VuZCB0aGUgZXJyb3IgY2F1c2VkIGJ5IHRoZSBpbmNvcnJlY3QgcGVybWlzc2lvbiBvZiB0
aWNrZXQgZmlsZShhbGwgdGhlIHBlcnNvbmFsIHRpY2tldCBmaWxlIHdpdGggdGhlIHJvb3QgdWlk
IGJ1dCByaWdodCBnaWQgKS4NCj4gDQo+IEZvciBleGFtcGxlOg0KPiANCj4gLXJ3LS0tLS0tLSAx
IHJvb3QgdTA3IDQ2OSBKdWwgMjkgMTA6MDAgL3RtcC9rcmI1Y2NfNjAwMzdfMUJkVDBtDQo+IA0K
PiBBbmQgdGhpcyBpc3N1ZSBoYXBwZW5zIGluIFNjaWVudGlmaWMgTGludXggNiBub3QgaW4gU2Np
ZW50aWZpYyBMaW51eCA3Lg0KPiANCj4gSSBhdHRhY2hlZCB0aGUgcGFtLmQgY29uZmlndXJhdGlv
bjoNCj4gDQo+IA0KPiBbcm9vdEBseHNsYzYxMyB+XSMgdmkgL2V0Yy9wYW0uZC9zeXN0ZW0tYXV0
aC1hYw0KPiAjJVBBTS0xLjANCj4gIyBUaGlzIGZpbGUgaXMgYXV0by1nZW5lcmF0ZWQuDQo+ICMg
VXNlciBjaGFuZ2VzIHdpbGwgYmUgZGVzdHJveWVkIHRoZSBuZXh0IHRpbWUgYXV0aGNvbmZpZyBp
cyBydW4uDQo+IGF1dGggICAgICAgIHN1ZmZpY2llbnQgICAgcGFtX2tyYjUuc28gdHJ5X2ZpcnN0
X3Bhc3MNCj4gYXV0aCAgICAgICAgb3B0aW9uYWwgICAgICBwYW1fYWZzX3Nlc3Npb24uc28gcHJv
Z3JhbT0vdXNyL2Jpbi9ha2xvZw0KPiBhdXRoICAgICAgICByZXF1aXJlZCAgICAgIHBhbV9lbnYu
c28NCj4gYXV0aCAgICAgICAgc3VmZmljaWVudCAgICBwYW1fZnByaW50ZC5zbw0KPiBhdXRoICAg
ICAgICByZXF1aXNpdGUgICAgIHBhbV9zdWNjZWVkX2lmLnNvIHVpZCA+PSA1MDAgcXVpZXQNCj4g
YXV0aCAgICAgICAgcmVxdWlyZWQgICAgICBwYW1fZGVueS5zbw0KPiANCj4gYWNjb3VudCAgICAg
c3VmZmljaWVudCAgICBwYW1fa3JiNS5zbw0KPiBhY2NvdW50ICAgICByZXF1aXJlZCAgICAgIHBh
bV91bml4LnNvDQo+IGFjY291bnQgICAgIHN1ZmZpY2llbnQgICAgcGFtX2xvY2FsdXNlci5zbw0K
PiBhY2NvdW50ICAgICBzdWZmaWNpZW50ICAgIHBhbV9zdWNjZWVkX2lmLnNvIHVpZCA8IDUwMCBx
dWlldA0KPiBhY2NvdW50ICAgICByZXF1aXJlZCAgICAgIHBhbV9wZXJtaXQuc28NCj4gDQo+IHBh
c3N3b3JkICAgIHN1ZmZpY2llbnQgICAgcGFtX2tyYjUuc28gICAgICAgICAgdXNlX2ZpcnN0X3Bh
c3MNCj4gcGFzc3dvcmQgICAgcmVxdWlzaXRlICAgICBwYW1fY3JhY2tsaWIuc28gdHJ5X2ZpcnN0
X3Bhc3MgcmV0cnk9MyB0eXBlPQ0KPiBwYXNzd29yZCAgICBzdWZmaWNpZW50ICAgIHBhbV91bml4
LnNvIHNoYTUxMiBzaGFkb3cgbnVsbG9rIHRyeV9maXJzdF9wYXNzIHVzZV9hdXRodG9rDQo+IHBh
c3N3b3JkICAgIHJlcXVpcmVkICAgICAgcGFtX2Rlbnkuc28NCj4gDQo+IHNlc3Npb24gICAgIHJl
cXVpcmVkICAgICAgcGFtX3VuaXguc28NCj4gc2Vzc2lvbiAgICAgb3B0aW9uYWwgICAgICBwYW1f
a3JiNS5zbw0KPiBzZXNzaW9uICAgICBvcHRpb25hbCAgICAgIHBhbV9hZnNfc2Vzc2lvbi5zbyAg
IHByb2dyYW09L3Vzci9iaW4vYWtsb2cNCj4gc2Vzc2lvbiAgICAgb3B0aW9uYWwgICAgICBwYW1f
a2V5aW5pdC5zbyByZXZva2UNCj4gc2Vzc2lvbiAgICAgcmVxdWlyZWQgICAgICBwYW1fbGltaXRz
LnNvDQo+IHNlc3Npb24gICAgIFtzdWNjZXNzPTEgZGVmYXVsdD1pZ25vcmVdIHBhbV9zdWNjZWVk
X2lmLnNvIHNlcnZpY2UgaW4gY3JvbmQgcXVpZXQgdXNlX3VpZA0KPiB+DQo+IA0KPiANCj4gW3Jv
b3RAbHhzbGM2MTMgfl0jIHZpIC9ldGMvcGFtLmQvcGFzc3dvcmQtYXV0aC1hYw0KPiAjJVBBTS0x
LjANCj4gIyBUaGlzIGZpbGUgaXMgYXV0by1nZW5lcmF0ZWQuDQo+ICMgVXNlciBjaGFuZ2VzIHdp
bGwgYmUgZGVzdHJveWVkIHRoZSBuZXh0IHRpbWUgYXV0aGNvbmZpZyBpcyBydW4uDQo+IGF1dGgg
ICAgICAgIHN1ZmZpY2llbnQgICAgcGFtX2tyYjUuc28gdHJ5X2ZpcnN0X3Bhc3MNCj4gYXV0aCAg
ICAgICAgb3B0aW9uYWwgICAgICBwYW1fYWZzX3Nlc3Npb24uc28gcHJvZ3JhbT0vdXNyL2Jpbi9h
a2xvZw0KPiANCj4gYXV0aCAgICAgICAgcmVxdWlyZWQgICAgICBwYW1fZW52LnNvDQo+IGF1dGgg
ICAgICAgIHN1ZmZpY2llbnQgICAgcGFtX3VuaXguc28gbnVsbG9rIHRyeV9maXJzdF9wYXNzDQo+
IGF1dGggICAgICAgIHJlcXVpc2l0ZSAgICAgcGFtX3N1Y2NlZWRfaWYuc28gdWlkID49IDUwMCBx
dWlldA0KPiBhdXRoICAgICAgICByZXF1aXJlZCAgICAgIHBhbV9kZW55LnNvDQo+IA0KPiBhY2Nv
dW50ICAgICBzdWZmaWNpZW50ICAgIHBhbV9rcmI1LnNvDQo+IGFjY291bnQgICAgIHJlcXVpcmVk
ICAgICAgcGFtX3VuaXguc28NCj4gYWNjb3VudCAgICAgc3VmZmljaWVudCAgICBwYW1fbG9jYWx1
c2VyLnNvDQo+IGFjY291bnQgICAgIHN1ZmZpY2llbnQgICAgcGFtX3N1Y2NlZWRfaWYuc28gdWlk
IDwgNTAwIHF1aWV0DQo+IGFjY291bnQgICAgIHJlcXVpcmVkICAgICAgcGFtX3Blcm1pdC5zbw0K
PiANCj4gcGFzc3dvcmQgICAgcmVxdWlzaXRlICAgICBwYW1fY3JhY2tsaWIuc28gdHJ5X2ZpcnN0
X3Bhc3MgcmV0cnk9MyB0eXBlPQ0KPiBwYXNzd29yZCAgICBzdWZmaWNpZW50ICAgIHBhbV91bml4
LnNvIHNoYTUxMiBzaGFkb3cgbnVsbG9rIHRyeV9maXJzdF9wYXNzIHVzZV9hdXRodG9rDQo+IHBh
c3N3b3JkICAgIHJlcXVpcmVkICAgICAgcGFtX2Rlbnkuc28NCj4gDQo+IHNlc3Npb24gICAgIG9w
dGlvbmFsICAgICAgcGFtX2tyYjUuc28NCj4gc2Vzc2lvbiAgICAgb3B0aW9uYWwgICAgICBwYW1f
YWZzX3Nlc3Npb24uc28gICBwcm9ncmFtPS91c3IvYmluL2FrbG9nDQo+IHNlc3Npb24gICAgIG9w
dGlvbmFsICAgICAgcGFtX2tleWluaXQuc28gcmV2b2tlDQo+IHNlc3Npb24gICAgIHJlcXVpcmVk
ICAgICAgcGFtX2xpbWl0cy5zbw0KPiBzZXNzaW9uICAgICBbc3VjY2Vzcz0xIGRlZmF1bHQ9aWdu
b3JlXSBwYW1fc3VjY2VlZF9pZi5zbyBzZXJ2aWNlIGluIGNyb25kIHF1aWV0IHVzZV91aWQNCj4g
c2Vzc2lvbiAgICAgcmVxdWlyZWQgICAgICBwYW1fdW5peC5zbw0KPiANCj4gDQo+IERvZXMgYW55
b25lIGtub3cgYWJvdXQgdGhpcyBpc3N1ZSBhbmQgZ2l2ZSBtZSBzb21lIGNsdWVzPyBBbnkgc3Vn
Z2VzdGlvbnMgd291bGQgYmUgZ3JlYXRseSBhcHByZWNpYXRlZC4gTWFueSB0aGFua3MuDQo+IA0K
PiBSZWdhcmRzLA0KPiBRaXVsYW4NCj4gDQo+IA0KPiBodWFuZ3FsDQo+ID09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09DQo+
IENvbXB1dGluZyBjZW50ZXIsdGhlIEluc3RpdHV0ZSBvZiBIaWdoIEVuZXJneSBQaHlzaWNzLCBD
QVMsIENoaW5hDQo+IFFpdWxhbiBIdWFuZyAgICAgICAgICAgICAgICAgICAgICAgVGVsOiAoKzg2
KSAxMCA4ODIzIDYwODcNCj4gUC5PLiBCb3ggOTE4LTcgICAgICAgICAgICAgICAgICAgICAgIEZh
eDogKCs4NikgMTAgODgyMyA2ODM5DQo+IEJlaWppbmcgMTAwMDQ5ICBQLlIuIENoaW5hICAgICAg
ICAgICBFbWFpbDogaHVhbmdxbEBpaGVwLmFjLmNuDQo+ID09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0NCg==

------=_001_NextPart227874422567_=----
Content-Type: text/html;
	charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable

<html><head><meta http-equiv=3D"content-type" content=3D"text/html; charse=
t=3DISO-8859-1"><style>body { line-height: 1.5; }blockquote { margin-top: =
0px; margin-bottom: 0px; margin-left: 0.5em; }body { font-size: 10.5pt; fo=
nt-family: ????; color: rgb(0, 0, 0); line-height: 1.5; }</style></head><b=
ody>=0A<div><span></span>Hi Ben,</div><div><br></div><div>I got it. Thanks=
 for your good suggestion.</div><div><br></div><div>Regards,</div><div>Qiu=
lan</div>=0A<div><br></div>=0A<hr style=3D"width: 210px; height: 1px;" ali=
gn=3D"left" color=3D"#b5c4df" size=3D"1">=0A<div><span><div style=3D"MARGI=
N: 10px; FONT-FAMILY: verdana; FONT-SIZE: 10pt"><div>huangql</div></div></=
span></div><div>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D<br>Computing center,the Institute of High Energy Physics, CAS, China<b=
r>Qiulan Huang &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nb=
sp; &nbsp; &nbsp; Tel: (+86) 10 8823 6087<br>P.O. Box 918-7 &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Fax: (+86) =
10 8823 6839<br>Beijing 100049 &nbsp;P.R. China &nbsp; &nbsp; &nbsp; &nbsp=
; &nbsp; Email: huangql@ihep.ac.cn<br>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D</div>=0A<blockquote style=3D"margin-Top: 0px; margin=
-Bottom: 0px; margin-Left: 0.5em"><div>&nbsp;</div><div style=3D"border:no=
ne;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm"><div style=3D=
"PADDING-RIGHT: 8px; PADDING-LEFT: 8px; FONT-SIZE: 12px;FONT-FAMILY:tahoma=
;COLOR:#000000; BACKGROUND: #efefef; PADDING-BOTTOM: 8px; PADDING-TOP: 8px=
"><div><b>From:</b>&nbsp;<a href=3D"mailto:kaduk@mit.edu">Benjamin Kaduk</=
a></div><div><b>Date:</b>&nbsp;2019-08-01&nbsp;03:56</div><div><b>To:</b>&=
nbsp;<a href=3D"mailto:huangql@ihep.ac.cn">huangql</a></div><div><b>CC:</b=
>&nbsp;<a href=3D"mailto:openafs-info@openafs.org">openafs-info</a></div><=
div><b>Subject:</b>&nbsp;Re: [OpenAFS] Ticket cache file permission incorr=
ect of Openafs Client in Scientific Linux 6</div></div></div><div><div>On =
Mon, Jul 29, 2019 at 12:47:35PM +0800, huangql wrote:</div>=0A<div>&gt; De=
ar all,</div>=0A<div>&gt; </div>=0A<div>&gt; I'm stuck with the ticket cac=
he file permission incorrect&nbsp; after users login farm with Pam module.=
&nbsp; In this case, users failed to run "kpasswd", "klist" command with t=
he following error.</div>=0A<div>&gt; </div>=0A<div>&gt; kpasswd: Credenti=
als cache permissions incorrect getting principal from ccache</div>=0A<div=
>&nbsp;</div>=0A<div>That sounds like an issue at the Kerberos or PAM (con=
figuration) layer;</div>=0A<div>asking on kerberos@mit.edu might be more l=
ikely to reach the right people.</div>=0A<div>&nbsp;</div>=0A<div>-Ben</di=
v>=0A<div>&nbsp;</div>=0A<div>&gt; klist: Credentials cache permissions in=
correct while setting cache flags (ticket cache FILE:/tmp/krb5cc_60037_1Bd=
T0m)</div>=0A<div>&gt; </div>=0A<div>&gt; </div>=0A<div>&gt; I found the e=
rror caused by the incorrect permission of ticket file(all the personal ti=
cket file with the root uid but right gid ).</div>=0A<div>&gt; </div>=0A<d=
iv>&gt; For example:</div>=0A<div>&gt; </div>=0A<div>&gt; -rw------- 1 roo=
t u07 469 Jul 29 10:00 /tmp/krb5cc_60037_1BdT0m</div>=0A<div>&gt; </div>=
=0A<div>&gt; And this issue happens in Scientific Linux 6 not in Scientifi=
c Linux 7.</div>=0A<div>&gt; </div>=0A<div>&gt; I attached the pam.d confi=
guration:</div>=0A<div>&gt; </div>=0A<div>&gt; </div>=0A<div>&gt; [root@lx=
slc613 ~]# vi /etc/pam.d/system-auth-ac</div>=0A<div>&gt; #%PAM-1.0</div>=
=0A<div>&gt; # This file is auto-generated.</div>=0A<div>&gt; # User chang=
es will be destroyed the next time authconfig is run.</div>=0A<div>&gt; au=
th&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sufficient&nbsp;&nbsp;&nbsp; =
pam_krb5.so try_first_pass</div>=0A<div>&gt; auth&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; optional&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; pam_afs_session.s=
o program=3D/usr/bin/aklog</div>=0A<div>&gt; auth&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; required&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; pam_env.so</div>=
=0A<div>&gt; auth&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sufficient&nbs=
p;&nbsp;&nbsp; pam_fprintd.so</div>=0A<div>&gt; auth&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp; requisite&nbsp;&nbsp;&nbsp;&nbsp; pam_succeed_if.so u=
id &gt;=3D 500 quiet</div>=0A<div>&gt; auth&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp; required&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; pam_deny.so</div>=0A<di=
v>&gt; </div>=0A<div>&gt; account&nbsp;&nbsp;&nbsp;&nbsp; sufficient&nbsp;=
&nbsp;&nbsp; pam_krb5.so</div>=0A<div>&gt; account&nbsp;&nbsp;&nbsp;&nbsp;=
 required&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; pam_unix.so</div>=0A<div>&gt; acco=
unt&nbsp;&nbsp;&nbsp;&nbsp; sufficient&nbsp;&nbsp;&nbsp; pam_localuser.so<=
/div>=0A<div>&gt; account&nbsp;&nbsp;&nbsp;&nbsp; sufficient&nbsp;&nbsp;&n=
bsp; pam_succeed_if.so uid &lt; 500 quiet</div>=0A<div>&gt; account&nbsp;&=
nbsp;&nbsp;&nbsp; required&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; pam_permit.so</di=
v>=0A<div>&gt; </div>=0A<div>&gt; password&nbsp;&nbsp;&nbsp; sufficient&nb=
sp;&nbsp;&nbsp; pam_krb5.so&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp; use_first_pass</div>=0A<div>&gt; password&nbsp;&nbsp;&nbsp; requis=
ite&nbsp;&nbsp;&nbsp;&nbsp; pam_cracklib.so try_first_pass retry=3D3 type=
=3D</div>=0A<div>&gt; password&nbsp;&nbsp;&nbsp; sufficient&nbsp;&nbsp;&nb=
sp; pam_unix.so sha512 shadow nullok try_first_pass use_authtok</div>=0A<d=
iv>&gt; password&nbsp;&nbsp;&nbsp; required&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
pam_deny.so</div>=0A<div>&gt; </div>=0A<div>&gt; session&nbsp;&nbsp;&nbsp;=
&nbsp; required&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; pam_unix.so</div>=0A<div>&gt=
; session&nbsp;&nbsp;&nbsp;&nbsp; optional&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; p=
am_krb5.so</div>=0A<div>&gt; session&nbsp;&nbsp;&nbsp;&nbsp; optional&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp; pam_afs_session.so&nbsp;&nbsp; program=3D/usr/bi=
n/aklog</div>=0A<div>&gt; session&nbsp;&nbsp;&nbsp;&nbsp; optional&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp; pam_keyinit.so revoke</div>=0A<div>&gt; session&nbs=
p;&nbsp;&nbsp;&nbsp; required&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; pam_limits.so<=
/div>=0A<div>&gt; session&nbsp;&nbsp;&nbsp;&nbsp; [success=3D1 default=3Di=
gnore] pam_succeed_if.so service in crond quiet use_uid</div>=0A<div>&gt; =
~</div>=0A<div>&gt; </div>=0A<div>&gt; </div>=0A<div>&gt; [root@lxslc613 ~=
]# vi /etc/pam.d/password-auth-ac</div>=0A<div>&gt; #%PAM-1.0</div>=0A<div=
>&gt; # This file is auto-generated.</div>=0A<div>&gt; # User changes will=
 be destroyed the next time authconfig is run.</div>=0A<div>&gt; auth&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sufficient&nbsp;&nbsp;&nbsp; pam_krb=
5.so try_first_pass</div>=0A<div>&gt; auth&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; optional&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; pam_afs_session.so progr=
am=3D/usr/bin/aklog</div>=0A<div>&gt; </div>=0A<div>&gt; auth&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp; required&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; pam_e=
nv.so</div>=0A<div>&gt; auth&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; suf=
ficient&nbsp;&nbsp;&nbsp; pam_unix.so nullok try_first_pass</div>=0A<div>&=
gt; auth&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; requisite&nbsp;&nbsp;&n=
bsp;&nbsp; pam_succeed_if.so uid &gt;=3D 500 quiet</div>=0A<div>&gt; auth&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; required&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp; pam_deny.so</div>=0A<div>&gt; </div>=0A<div>&gt; account&nbsp;&nbsp=
;&nbsp;&nbsp; sufficient&nbsp;&nbsp;&nbsp; pam_krb5.so</div>=0A<div>&gt; a=
ccount&nbsp;&nbsp;&nbsp;&nbsp; required&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; pam_=
unix.so</div>=0A<div>&gt; account&nbsp;&nbsp;&nbsp;&nbsp; sufficient&nbsp;=
&nbsp;&nbsp; pam_localuser.so</div>=0A<div>&gt; account&nbsp;&nbsp;&nbsp;&=
nbsp; sufficient&nbsp;&nbsp;&nbsp; pam_succeed_if.so uid &lt; 500 quiet</d=
iv>=0A<div>&gt; account&nbsp;&nbsp;&nbsp;&nbsp; required&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp; pam_permit.so</div>=0A<div>&gt; </div>=0A<div>&gt; password&n=
bsp;&nbsp;&nbsp; requisite&nbsp;&nbsp;&nbsp;&nbsp; pam_cracklib.so try_fir=
st_pass retry=3D3 type=3D</div>=0A<div>&gt; password&nbsp;&nbsp;&nbsp; suf=
ficient&nbsp;&nbsp;&nbsp; pam_unix.so sha512 shadow nullok try_first_pass =
use_authtok</div>=0A<div>&gt; password&nbsp;&nbsp;&nbsp; required&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; pam_deny.so</div>=0A<div>&gt; </div>=0A<div>&gt; ses=
sion&nbsp;&nbsp;&nbsp;&nbsp; optional&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; pam_kr=
b5.so</div>=0A<div>&gt; session&nbsp;&nbsp;&nbsp;&nbsp; optional&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp; pam_afs_session.so&nbsp;&nbsp; program=3D/usr/bin/akl=
og</div>=0A<div>&gt; session&nbsp;&nbsp;&nbsp;&nbsp; optional&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; pam_keyinit.so revoke</div>=0A<div>&gt; session&nbsp;&nb=
sp;&nbsp;&nbsp; required&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; pam_limits.so</div>=
=0A<div>&gt; session&nbsp;&nbsp;&nbsp;&nbsp; [success=3D1 default=3Dignore=
] pam_succeed_if.so service in crond quiet use_uid</div>=0A<div>&gt; sessi=
on&nbsp;&nbsp;&nbsp;&nbsp; required&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; pam_unix=
.so</div>=0A<div>&gt; </div>=0A<div>&gt; </div>=0A<div>&gt; Does anyone kn=
ow about this issue and give me some clues? Any suggestions would be great=
ly appreciated. Many thanks.</div>=0A<div>&gt; </div>=0A<div>&gt; Regards,=
</div>=0A<div>&gt; Qiulan</div>=0A<div>&gt; </div>=0A<div>&gt; </div>=0A<d=
iv>&gt; huangql</div>=0A<div>&gt; =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D</div>=0A<div>&gt; Computing center,the Institute of =
High Energy Physics, CAS, China</div>=0A<div>&gt; Qiulan Huang&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Tel: (+86) 10 8823 6087</di=
v>=0A<div>&gt; P.O. Box 918-7&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp; Fax: (+86) 10 8823 6839</div>=0A<div>&gt; Beijing 100049&nbs=
p; P.R. China&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
Email: huangql@ihep.ac.cn</div>=0A<div>&gt; =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D</div>=0A</div></blockquote></body></html>
------=_001_NextPart227874422567_=------