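pam_open_session: System error and sudo: policy plugin failed session initialization, with no_pass_expiry in etc/pam.d/password-auth

Time: 2019-01-24 10:56:52

Tags: rhel rhel7 pam

I am running into an error on RHEL 7. I have a RHEL image which can only be accessed via SSH keys, with no user/password credentials.

To prevent the password from having to be renewed after 90 days (which cannot be done with SSH keys), I added no_pass_expiry in etc/pam.d/password-auth.

But when I try to sudo, I get the following error: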

pam.d]$ sudo su -
sudo: pam_open_session: System error
sudo: policy plugin failed session initialization

This only happens after 90 days.

2 answers:

Answer 0: (score: 0)

Your password may have expired. For example... here is sudo with an expired user:

[user@server ~]$ sudo whoami
sudo: pam_open_session: System error
sudo: policy plugin failed session initialization
[user@server ~]$ 

[user@server ~]$ chage -l user
Last password change                    : May 07, 2018
Password expires                    : Aug 05, 2018
Password inactive                   : never
Account expires                     : never
Minimum number of days between password change      : 1
Maximum number of days between password change      : 90
Number of days of warning before password expires   : 10

Now, as shown, after resetting the expiry flags, sudo works as expected:


[root@server]# chage -m 0 -M 99999 -I -1 -E -1 user
[root@server]# chage -l user
Last password change                    : May 07, 2018
Password expires                    : never
Password inactive                   : never
Account expires                     : never
Minimum number of days between password change      : 0
Maximum number of days between password change      : 99999
Number of days of warning before password expires   : 10

[user@server ~]$ sudo whoami
root

You can confirm this by checking /var/log/secure for messages similar to the ones listed below:

Feb 27 16:59:14 server sudo: pam_unix(sudo:account): expired password for user user (password aged)
Feb 27 16:59:14 server sudo: user : TTY=pts/0 ; PWD=/home/user ; USER=anotheruser ; COMMAND=/usr/bin/whoami
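
As an added example (not part of the original answer), this is a check an administrator could run over shadow(5)-format data to find accounts, key-only ones included, whose password has reached the "password aged" state logged above. The function names and sample entries are constructed; 17658 is the day number of the May 07, 2018 last change shown above, and 17954 is Feb 27, 2019 (the year of the log lines is an assumption).

```shell
#!/bin/sh
# Added example: list accounts whose password has aged out, from shadow(5) data.
# Fields: name:password:lastchg:min:max:warn:inactive:expire:reserved
# lastchg and TODAY are day counts since 1970-01-01.

# aged_passwords [TODAY] reads shadow-format lines on stdin.
# TODAY defaults to the current day number.
aged_passwords() {
    today=${1:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
        $3 == ""           { next }  # empty lastchg: aging disabled
        $3 == 0            { print $1 ": change forced (lastchg=0)"; next }
        $5 == "" || $5 < 0 { next }  # no maximum age
        $3 + $5 < today    { print $1 ": aged out " (today - $3 - $5) " days ago" }
    '
}

# Constructed sample entries (password hashes replaced by locked markers).
sample_shadow() {
    cat <<'EOF'
user:!!:17658:1:90:10:::
deploy:!!:17658:0:99999:7:::
keyonly:!!::0:99999:7:::
newacct:!!:0:0:90:7:::
EOF
}

# Reports the aged "user" entry and the forced-change "newacct" entry.
sample_shadow | aged_passwords 17954
```

On a live system, run it as root with `aged_passwords < /etc/shadow`; accounts it reports can then be reviewed with `chage -l` as shown above.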

Answer 1: (score: 0)

If SELinux is enforcing, make sure /etc/shadow has the correct context label. Running restorecon /etc/shadow will fix this issue.