gdm에서 "스마트 카드 로그인 필요"를 선택했지만 인증을 위해 스마트 카드를 추가하는 것을 잊어버렸습니다. 그런 다음 LiveCD에서 부팅을 시도하고 SC 인증을 비활성화했습니다. 문제가 발생하여 이제 시스템의 어떤 사용자에게도 로그인할 수 없습니다(암호를 묻지 않고 모든 사용자에 대해 "잘못된 로그인"). /var/log/secure에서:
May 18 14:50:07 myloginname sshd[5180]: Server listening on 0.0.0.0 port 22.
May 17 14:50:07 myloginname sshd[5180]: Server listening on :: port 22.
May 17 14:50:28 myloginname polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.26 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
May 17 14:50:32 myloginname pam: gdm-password: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth
May 17 14:50:32 myloginname pam: gdm-password: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth
May 17 14:50:32 myloginname pam: gdm-password: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth
May 17 14:50:32 myloginname pam: gdm-password: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth
May 17 14:50:32 myloginname pam: gdm-password: gkr-pam: no password is available for user
May 17 14:50:36 myloginname pam: gdm-password: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth
May 17 14:50:36 myloginname pam: gdm-password: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth
May 17 14:50:36 myloginname pam: gdm-password: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth
May 17 14:50:36 myloginname pam: gdm-password: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth
May 17 14:50:36 myloginname pam: gdm-password: gkr-pam: no password is available for user
May 17 14:50:41 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:41 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:41 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:41 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:41 myloginname login: FAILED LOGIN SESSION FROM (null) FOR r, Permission denied
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: FAILED LOGIN SESSION FROM (null) FOR r, Permission denied
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: FAILED LOGIN SESSION FROM (null) FOR r, Permission denied
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: FAILED LOGIN SESSION FROM (null) FOR r, Permission denied
May 17 14:50:44 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:44 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:44 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:44 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:44 myloginname login: FAILED LOGIN SESSION FROM (null) FOR rppt, Permission denied
May 17 14:50:47 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:47 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:47 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:47 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:47 myloginname login: FAILED LOGIN SESSION FROM (null) FOR root, Permission denied
May 17 14:50:49 myloginname polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.26, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
May 17 14:50:51 myloginname sshd[5180]: Received signal 15; terminating.
그런데, /etc/pam.d/* 파일은 괜찮습니다. 권한도 마찬가지입니다. 도와주세요, 제발. 감사해요!
업데이트
root@kali:/media/blabla/etc/pam.d# ls -lh
total 208K
-rw-r--r--. 1 root root 272 Jan 30 2012 atd
-rw-r--r--. 1 root root 97 Feb 22 2013 authconfig
-rw-r--r--. 1 root root 97 Feb 22 2013 authconfig-gtk
-rw-r--r--. 1 root root 97 Feb 22 2013 authconfig-tui
-rw-r--r--. 1 root root 192 Nov 21 18:00 chfn
-rw-r--r--. 1 root root 192 Nov 21 18:00 chsh
-rw-r--r--. 1 root root 232 Nov 21 21:45 config-util
-rw-r--r--. 1 root root 293 Nov 21 16:19 crond
-rw-r--r--. 1 root root 71 Nov 21 16:18 cvs
-rw-r--r--. 1 root root 115 Nov 23 2010 eject
-rw-r--r--. 1 root root 71 Oct 28 2012 exim
-rw-r--r--. 1 root root 708 Nov 21 22:05 gdm
-rw-r--r--. 1 root root 480 Nov 21 22:05 gdm-autologin
-rw-r--r--. 1 root root 489 Nov 21 22:05 gdm-fingerprint
-rw-r--r--. 1 root root 701 Nov 21 22:05 gdm-password
-rw-r--r--. 1 root root 485 Nov 21 20:08 gnome-screensaver
-rw-r--r--. 1 root root 147 Oct 5 2009 halt
-rw-r--r--. 1 root root 134 Jul 8 2008 kcheckpass
-rw-r--r--. 1 root root 134 Jul 8 2008 kscreensaver
-rw-r--r--. 1 root root 70 Aug 28 2013 ksu
-rw-r--r--. 1 root root 728 Nov 21 18:00 login
-rw-r--r--. 1 root root 172 Nov 21 18:35 newrole
-rw-r--r--. 1 root root 336 May 26 2011 opcontrol
-rw-r--r--. 1 root root 154 Nov 21 21:45 other
-rw-r--r--. 1 root root 146 Feb 22 2012 passwd
lrwxrwxrwx. 1 root root 16 May 29 2013 password-auth -> password-auth-ac
-rw-r--r-- 1 root root 935 May 17 10:42 password-auth-ac
-rw-r--r--. 1 root root 155 Sep 19 2013 polkit-1
-rw-r--r--. 1 root root 147 Oct 5 2009 poweroff
-rw-r--r--. 1 root root 144 Nov 24 2010 ppp
-rw-r--r--. 1 root root 147 Oct 5 2009 reboot
-rw-r--r--. 1 root root 613 Nov 21 18:00 remote
-rw-r--r--. 1 root root 167 Nov 21 18:35 run_init
-rw-r--r--. 1 root root 143 Oct 17 2013 runuser
-rw-r--r--. 1 root root 105 Oct 17 2013 runuser-l
-rw-r--r--. 1 root root 145 Jun 3 2013 setup
-rw-r--r--. 1 root root 575 Nov 25 16:50 sshd
-rw-r--r--. 1 root root 341 Nov 25 16:50 ssh-keycat
-rw-r--r--. 1 root root 487 Oct 17 2013 su
-rw-r--r--. 1 root root 202 Nov 21 18:03 sudo
-rw-r--r--. 1 root root 187 Nov 21 18:03 sudo-i
-rw-r--r--. 1 root root 137 Oct 17 2013 su-l
lrwxrwxrwx. 1 root root 14 May 29 2013 system-auth -> system-auth-ac
-rw-r--r-- 1 root root 1.1K May 16 23:01 system-auth~
-rw-r--r-- 1 root root 1.1K May 17 08:44 system-auth-ac
-rw-r--r--. 1 root root 97 Feb 22 2013 system-config-authentication
-rw-r--r--. 1 root root 97 Jul 22 2013 system-config-date
-rw-r--r--. 1 root root 97 Feb 21 2013 system-config-kdump
-rw-r--r--. 1 root root 97 Jun 12 2013 system-config-keyboard
-rw-r--r--. 1 root root 97 Nov 24 2010 system-config-network
-rw-r--r--. 1 root root 97 Nov 24 2010 system-config-network-cmd
-rw-r--r--. 1 root root 118 Oct 18 2012 system-config-users
-rw-r--r--. 1 root root 233 Mar 31 19:00 wireshark
-rw-r--r--. 1 root root 163 Dec 23 21:36 xserver
root@kali:/media/blabla/etc/pam.d# cat system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth [success=1 default=ignore] pam_succeed_if.so service notin login:gdm:xdm:kdm:xscreensaver:gnome-screensaver:kscreensaver quiet use_uid
#auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
root@kali:/media/blabla/etc/pam.d# cat password-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
#auth required pam_deny.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
답변1
응, 알았어! 여러분 말이 옳았습니다. 구성 파일에 대한 selinux 컨텍스트가 손상되었습니다.
그냥 실행
restorecon -Rv /etc/pam.d
signle init=/bin/bashGRUB의 단일 사용자 모드에서 . 그런 다음 재부팅하고 selinux가 파일 시스템을 자동으로 재설정할 때까지 기다립니다.
그게 다야!
업데이트: SC 인증을 비활성화하려는 경우: /etc/sysconfig/authconfig및 설정 으로 FORCESMARTCARD이동 하세요 . 안에 있는 파일을 삭제하려고 하지 마세요 ! ;)USESMARTCARDno/etc/pam.d