Password authentication not working properly on Exadata Compute/Database Nodes (Doc ID 2886834.1)

Last updated on JUNE 27, 2023

Applies to:

Symptoms

Issue is that while logging to Exadata compute/database server via putty, it is allowing logins to the server with any keystroke regardless of right and wrong password
Errorr "access denied" asserted only when trying to enter without pressing any key.

Environments Details:

Oracle Linux Server release 7.9

Exadata Image Version 21.2.12.0.0.220513

Kernel Version 4.14.35-2047.511.5.5.1.el7uek.x86_64

Uptrack kernel version: 4.14.35-2047.512.6.el7uek.x86_64

Changes

PAM Modules (pam_succeed_if.so and pam_deny.so) which authenticate/validate user access have been disabled.

Issue was noticed post Exadate image upgrade. However, looking at backup file created by upgrade process, it appears that the problem was present even before.

Even in backup file specified modules invocation was commented-out.

<<<

$ ls -la password-auth.backupByExadata
-rwxrwxrwx 1 oracle dba 1282 Jul 22 05:25 password-auth.backupByExadata

$ cat password-auth.backupByExadata
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth required pam_unix.so try_first_pass
#auth requisite pam_succeed_if.so uid >= 500 quiet <<---------- commented-out in backup file also
auth sufficient pam_ldap.so use_first_pass
#auth required pam_deny.so <<---------- commented-out in backup file also

<skipped>

>>>

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.