# PAM failure on a fresh install

## nempo

I recently installed the latest stage1 release on my laptop with no problems...except that it won't let me login after I reboot from the installation. 

It's obiously a pam related problem since the error message is 'PAM failure, aborting: Critical error - immediate abort'

any clues ?

----------

## Psychos

I've got the same problem after reinstalling Gentoo on my Dual-Opteron.

I can log in remote with ssh, but when I try to log in local it just ask again for username. When I use wrong password, Ill get the normal login error, but when its correct just nothing happen... only "PAM failure, aborting: Critical error - immediate abort"  :Sad: 

pls help

----------

## nempo

 *Psychos wrote:*   

> I've got the same problem after reinstalling Gentoo on my Dual-Opteron.
> 
> I can log in remote with ssh, but when I try to log in local it just ask again for username. When I use wrong password, Ill get the normal login error, but when its correct just nothing happen... only "PAM failure, aborting: Critical error - immediate abort" 
> 
> pls help

 

I'm not even asked for a password. One would think that they could provide a more descriptive error message.

----------

## Jesore

Could you please post the contents of /etc/pam.d/login . That is the corresponding file to your problems. 

Psychos, in your case I would also need /etc/pam.d/ssh. I've lately experimented with pam - maybe I can help.

Jesore

----------

## nempo

 *Jesore wrote:*   

> Could you please post the contents of /etc/pam.d/login . That is the corresponding file to your problems. 
> 
> Psychos, in your case I would also need /etc/pam.d/ssh. I've lately experimented with pam - maybe I can help.
> 
> Jesore

 

As luck has it, I don't have one(?)

Apperently it isn't provided by the packages pam or pam-login.

----------

## Jesore

Hmmm, at the moment I can't verify as I sit at work where we have debian boxes.

Does the directory exist and if, is there any file in it? Some older pam implementations used one single large config file directly in etc instead the multiple files in pam.d - maybe you should have a look there? 

In case you find nothing, I'll post again as soon as I'm at home at my beloved gentoo box. 

Jesore

----------

## garo

I have the same problem on my old laptop, here is /etc/pam.d/login:

```
auth       requisite  pam_securetty.so

auth       requisite  pam_nologin.so

auth       required   pam_env.so

auth       required   pam_unix.so nullok

account    required   pam_unix.so

session    required   pam_unix.so

session    optional   pam_lastlog.so

session    optional   pam_motd.so

session    optional   pam_mail.so standard noenv

password   required   pam_unix.so nullok obscure min=4
```

I removed all commented lines, if you also want this lines, then tell me.

Pam version: 0.75-r11

Pam_login version: 3.11

----------

## Jesore

It's just to narrow the number of possible errors, but garo could you comment out the first two lines (securetty and nologin) in case  you have false configs in /etc/securetty and /etc/nologin.

The file itself is correct (if I haven't overlooked typos).

Jesore

----------

## garo

This is really weird:

I booted from a knoppix so that i could acces the filesystem and change the file, but the file was gone !

So, i did the following thing:

-i booted a other gentoo computer

-i went to "/etc/pam.d"

-i executed the following command:

```
for i in * ; do echo -n "$i " ; epm -qf $i ; done
```

- I copied all the files from shadow and openssh to "/etc/pam.d" of my laptop

-I rebooted my laptop to gentoo

-When i tried to login, it immediatelly logged out

-I pressed the windows key to view my log (i use syslog-ng) and it tells me:

```
Dec  8 16:05:50 lap133 login(pam_unix)[901]: session opened for user root by (uid=0)

Dec  8 16:05:50 lap133 login(pam_unix)[901]: session closed for user root
```

----------

## garo

Ok, problem solved !

That "immediatelly logged out" thing was because of a error in bash, i copied bash from the knoppix cd over the bash on my laptop and now i can login. I am now going to re-emerge bash so that i don't need knoppix's bash.

----------

## nempo

I solved it..kind of... I just copied the entire pam.d dir from another gentoo machine and it worked like a charm.

----------

## Jesore

Seems to be a bug in recent ebuilds that the pam.d dir doesn't get populated. Anyone else with that experience?

Jesore

----------

## makem2003

Same to me here, i am currently investigate other posts, if I find a solution, i will post it...

Martin

----------

## makem2003

Auieeeeee  - a really stupid one...   :Embarassed: 

My /etc/pam.d -directory was empty except for one file with name sshd.

Working with my other gentoo-System I've found a solution for my problem:

```

1. reboot into boot system from the LiveCD

2. make sure you have pam in your USE-variable in /etc/make.conf

3. emerge shadow (must do!)

The following steps are probably not needed, but I did it to make sure everything is ok:

4. emerge pam 

5. emerge pam-login

6. call command passwd for root and every user on the system

7. reboot

```

OK, that worked for me...

Martin

----------

## powerman

I've installed Gentoo-1.4 from  stage1 with USE set to "-pam" (because I don't like and don't need PAM support and because this option listed in use.desc file).

But when I try to reboot and login I receive 'PAM failure, aborting: Critical error - immediate abort'. As far as I understand this mean what /sbin/login compiled with PAM support even if USE set to "-pam".

Is it possible to compile Gentoo without PAM support? If not, then this should be documented in install.xml..?

----------

## robert0380

adding pam to USE, re-building shadow, pam and pam-login fixed the problem for me too.

----------

## crowbert

Yup, I just did a fresh install and had this problem.  I always set "-pam" in my use flags because I don't like using pam.

While obviously there's a bug in the current pam (at least if you're using test packages, as I am), I would add my voice to those who feel that forcing the use of pam on every system is, itself, a bug.

----------

## Bastux

 *makem2003 wrote:*   

> Auieeeeee  - a really stupid one...  
> 
> My /etc/pam.d -directory was empty except for one file with name sshd.
> 
> Working with my other gentoo-System I've found a solution for my problem:
> ...

 

works for me too...

thank you!

----------

## mphilips

I don't and never did have pam in USE flags. I unmerged pam and pam-login, then remerged shadow (without adding pam to USE flags), and that seemed to do the trick.

----------

## odessit

the fix worked for me (pam + emerge pam...)

thanks

----------

