After configured securid pam on linux, rsa server always shown "passcode incorrect". No other error message on either the client or the server side.
Only after installed PAM 7.0 for securid, it is possible to enable trace option (/etc/sd_pam.conf). From the log, there is this line:
[thin] 12:26:44.001 File:creadcfg.c Line:459 # readcfg reading sdconf.rec
[thin] 12:26:44.001 File:creadcfg.c Line:1165 # match_sdopts_server() sdopts server 0 returning 0 MATCHED REAL ADDR
[thin] 12:26:44.001 File:creadcfg.c Line:263 # server[0] = [10.213.72.11]
[thin] 12:26:44.001 File:acinit.c Line:271 # Not a multihomed machine, will use result of GetMyHostAddress()
[thin] 12:26:44.001 File:loadbal.c Line:449 # set_run_priorities() using server 0 10.213.72.11 ACTIVE? on 0.0.0.0 priority 10
[thin] 12:26:44.001 File:acnetsub.c Line:354 # SendToServers(): autodetecting 0 (10.213.72.11)
After check all the host/dns related file, the problem lies in /etc/hosts. I had:
127.0.0.1 myhost.domain myhost
After change it to the real address, problem resolve. And here's the new log:
[thin] 12:27:28.472 File:creadcfg.c Line:263 # server[0] = [10.213.72.11]
[thin] 12:27:28.472 File:creadcfg.c Line:263 # server[1] = [10.213.72.12]
[thin] 12:27:28.472 File:creadcfg.c Line:263 # server[2] = [10.213.9.10]
[thin] 12:27:28.475 File:acinit.c Line:271 # Not a multihomed machine, will use result of GetMyHostAddress()
[thin] 12:27:28.475 File:loadbal.c Line:449 # set_run_priorities() using server 0 10.213.72.11 ACTIVE? on 10.213.72.11 priority 10
[thin] 12:27:28.475 File:acnetsub.c Line:295 # SendToServers(): sending to address 10.213.72.11
Console login
Could not login to console, got error in /var/log/secure:
Nov 30 13:11:52 newbisweb01-man login: pam_securetty(login:auth): access denied: tty 'tty1' is not secure !
Nov 30 13:12:00 newbisweb01-man login: FAILED LOGIN 1 FROM (null) FOR root, Authentication failure
By adding tty1 to /etc/securetty, problem solved. Apprently, the console is "tty1" not console.
No comments:
Post a Comment