# Can't login as root or user (only through X) [SOLVED]

## noisebleed

Hi.

Yesterday, don't know precisely when, I could not been able to login as root or user admin anymore. Weirdly the user admin is still able to login through Slim (login manager) into Fluxbox.

I don't remember to have upgraded PAM or other critical package. Current PAM packahe is 0.99.9.0 and I've followed the PAM upgrade guide before without problems.

The system accepts the change of password when I boot from LiveCD or init=/bin/bash mode but when I boot normally I can't login (through tty or ssh).

/var/log/auth.log:

```
 Mar 20 12:31:54 noisebleed login[6411]: FAILED LOGIN (1) on 'tty1' FOR `root', Authentication failure

Mar 20 12:32:00 noisebleed login[6411]: FAILED LOGIN (2) on 'tty1' FOR `root', Authentication failure

Mar 20 12:33:50 noisebleed sshd[6441]: error: PAM: Authentication failure for root from 192.168.1.116

Mar 20 12:34:02 noisebleed sshd[6447]: error: PAM: Authentication failure for admin from 192.168.1.116
```

I've already re-emerged PAM and after shadow. etc-update is ok as revdep-rebuild.

I will post here any file required.

Any kind of help would be very appreciated   :Wink: 

Thanks.Last edited by noisebleed on Mon Mar 24, 2008 11:35 am; edited 1 time in total

----------

## jpl888

Have you any files in /etc/pam.d?

----------

## noisebleed

Yes I have,

```
noisebleed ~ # tree /etc/pam.d/

/etc/pam.d/

|-- chage

|-- chfn

|-- chgpasswd

|-- chpasswd

|-- chsh

|-- cron

|-- groupadd

|-- groupdel

|-- groupmems

|-- groupmod

|-- imap

|-- imap4 -> imap

|-- imap4s -> imap

|-- imaps -> imap

|-- login

|-- newusers

|-- other

|-- passwd

|-- pop

|-- pop3 -> pop

|-- pop3s -> pop

|-- pops -> pop

|-- rexec

|-- rlogin

|-- rsh

|-- shadow

|-- slim

|-- sshd

|-- su

|-- system-auth

|-- useradd

|-- userdel

|-- usermod

|-- xlock

`-- xserver

```

I've just edited /etc/pam.d/login and /etc/pam.d/sshd:

```
#auth       required    pam_shells.so
```

And now i can login again. But why did this stopped working? I have another gentoo box and it is working flawless with the pam_shells.so line.

Question #1: what are the security issues about running this box without that option?

Question #2: is it possible to get it back again (editing somewhere else)?

----------

## jpl888

I had a few problems when cracklib became a use flag.

You could flip that flag delete the files in pam.d and re-emerge pam and shadow (be aware you may have to re-emerge other packages like openssh and mailbase).

See if that throws anything up.

----------

## noisebleed

I'm re-compilling it right now. I will report the results in a few moments...

----------

## noisebleed

Have re-emerged pam and shadow without the cracklib use flag.

Tried pam with new pam.d files and the old ones I've backed up but... still the same.

Whenever

```
auth       required    pam_shells.so
```

 is present on login and sshd files shell/ssh logins fail.

Still don't know why...

----------

## jburns

 *man pam_shells wrote:*   

> pam_shells is a PAM module that only allows access to the system if the users shell is listed in /etc/shells.
> 
>  It also checks if /etc/shells is a plain file and not world writable.
> 
> 

 

Check the contents of /etc/shells.

----------

## noisebleed

Hi jburns. Good hint.

/etc/shells only had this line:

```
/usr/sbin/jk_chroots
```

Jailkit fault.

I've added other shells so now it looks like:

```
/bin/bash

/bin/csh

/bin/esh

/bin/fish

/bin/ksh

/bin/sash

/bin/sh

/bin/tcsh

/bin/zsh

/usr/sbin/jk_chrootsh
```

Uncommented pam_shells 

```
auth       required pam_shells.so
```

 from /etc/pam.d/login and /etc/pam.d/sshd and everything is working well again. 

Thanks.

----------

