error: PAM: User account has expired for wlin from hongkong.test.org - why?
Predrag Zecevic [Unix Systems Administrator]
Predrag.Zecevic at 2e-systems.com
Tue Apr 1 04:58:59 EDT 2014
On 04/ 1/14 10:54 AM, Wendy Lin wrote:
> On 1 April 2014 10:29, Predrag Zecevic [Unix Systems Administrator]
> <Predrag.Zecevic at 2e-systems.com> wrote:
>> On 04/ 1/14 10:16 AM, Wendy Lin wrote:
>>> On 18 March 2014 22:11, Wendy Lin <wendlin1974 at gmail.com> wrote:
>>>> Can anyone explain this pam error to me? I have configured a machine
>>>> (192.168.2.105) as Kerberos5 client on Suse 12.3 via yast talking to
>>>> the kdc at 192.168.2.98 and now get this error on the client if I try
>>>> to log in via ssh:
>>>>
>>>> 2014-03-18T22:04:20.877103+01:00 susevm001 sshd[2567]: error: PAM:
>>>> User account has expired for wlin from hongkong.test.org
>>>> 2014-03-18T22:04:20.879799+01:00 susevm001 sshd[2567]: Connection
>>>> closed by 192.168.2.98 [preauth]
>>>> 2014-03-18T22:04:29.760068+01:00 susevm001 sshd[2571]: error: PAM:
>>>> User account has expired for wlin from nexentapuzzle.nrubsig.org
>>>
>>> Anyone?
>>>
>>> Wendy
>> Hi Wendy,
>>
>> I would check if user account is not locked or it has valid, not expired password on system (/etc/shadow)
>
> I already did, and the Unix account itself is fine. The problem
> started when I added the Kerberos5 auth to the mix
>
> Wendy
>
Hi,
so, then I would double check ssh configuration (if includes GSSAPI directives), first on client side and then on server.
Also, set debug on and check corresponding log files:
a) sshd_config: "LogLevel DEBUG"
b) /etc/krb5.conf (or specific location):
[appdefaults]
pam = {
debug = false
...
I wish you luck.
Regards.
--
Predrag Zečević, Technical Support Analyst, 2e Systems GmbH
Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
Mobile: +49 174 3109 288, Skype: predrag.zecevic
E-mail: predrag.zecevic at 2e-systems.com
Headquarter: 2e Systems GmbH, Königsteiner Str. 87,
65812 Bad Soden am Taunus, Germany
Company registration: Amtsgericht Königstein (Germany), HRB 7303
Managing director: Phil Douglas
http://www.2e-systems.com/ - Making your business fly!
[***]===---
I did this 'cause Linux gives me a woody. It doesn't generate revenue. -- Dave '-ddt->` Taylor, announcing DOOM for Linux
More information about the Kerberos
mailing list