centos 7 crond过期密码

时间:2017-06-23 08:23:10

标签: centos root pam

我是CentOS的新手,每当我尝试重启木偶服务时 - pe-puppetdb,pe-puppetserver等我都会收到以下错误:

Jun 23 04:03:01 abc.xyz.com crond[12117]: pam_unix(crond:account): expired     password for user root (root enforced)
Jun 23 04:03:01 abc.xyz.com crond[12117]: (root) PAM ERROR (Authentication token is no longer valid; new one required)
Jun 23 04:03:01 abc.xyz.com crond[12117]: (root) FAILED to authorize user with PAM (Authentication token is no longer valid; new one required)

以下是/etc/pam.d/crond中的条目:

account    required   pam_access.so
account    include    password-auth
session    required   pam_loginuid.so
session    include    password-auth
auth       include    password-auth

我认为这里有两件事需要做:

  1. 重置crond用户的密码(使用passwd命令)
  2. 确保密码永不过期

    3. 我在这里找到了一个解决方案enter image description here,但由于帖子是6岁,所以我想知道是否有其他方法可以解决问题。

    请告知。

    编辑 - 我甚至尝试更改crond用户的密码但出现以下错误:

    [root@abc ~]# chage -l crond
chage: user 'crond' does not exist in /etc/passwd
[root@abc ~]# chage -M 99999 -m 99999 crond
chage: user 'crond' does not exist in /etc/passwd

    Edit2 - 在/etc/pam.d/crond中添加了以下行并启动了puppetdb服务:

    account    sufficient pam_succeed_if.so uid = 0

    服务仍未启动并收到以下错误(journalctl -xe):

    -- Unit session-11.scope has begun starting up.
Jun 23 10:28:01 abc.xyz.com CROND[30598]: (root) CMD (/var/awslogs/bin/awslogs-nanny.sh > /dev/null 2>&1)
Jun 23 10:28:02 abc.xyz.com systemd[1]: Removed slice user-0.slice.
-- Subject: Unit user-0.slice has finished shutting down
-- Defined-By: systemd
--
-- Unit user-0.slice has finished shutting down.
Jun 23 10:28:02 abc.xyz.com systemd[1]: Stopping user-0.slice.
-- Subject: Unit user-0.slice has begun shutting down
-- Defined-By: systemd
--
-- Unit user-0.slice has begun shutting down.
Jun 23 10:28:05 abc.xyz.com amazon-ssm-agent[845]: 2017-06-23 10:28:05 ERROR      [instanceID=i-0a9865085e27f6862] [MessageProcessor] [Association] error when calling AWS APIs. error details - AccessDeniedException: User: arn:aws:sts::045981373300:assumed-role/ServerLabServer/i-0a9865085e27f6862 is not authorized to perform: ssm:ListInstanceAssociations on resource:     arn:aws:ec2:ap-southeast-1:045981373300:instance/i-0a9865085e27f6862

1 个答案:

答案 0 :(得分:3)

问题在初始错误中有详细描述。用户root的密码已过期,crond使用。

使用sudo chage -l root检查密码的状态。如果密码已过期,请使用sudo passwd进行更改。您还可以使用sudo chage root更改到期设置。

相关问题
最新问题