Password authentication not working properly on Exadata Compute/Database Nodes
(Doc ID 2886834.1)
Last updated on JUNE 27, 2023
Applies to:
Linux OS - Version Oracle Linux 7.0 with Unbreakable Enterprise Kernel [3.8.13] to Oracle Linux 7.9 with Unbreakable Enterprise Kernel [5.4.17] [Release OL7 to OL7U9]Generic Linux
Symptoms
Issue is that while logging to Exadata compute/database server via putty, it is allowing logins to the server with any keystroke regardless of right and wrong password
Errorr "access denied" asserted only when trying to enter without pressing any key.
Environments Details:
Oracle Linux Server release 7.9
Exadata Image Version 21.2.12.0.0.220513
Kernel Version 4.14.35-2047.511.5.5.1.el7uek.x86_64
Uptrack kernel version: 4.14.35-2047.512.6.el7uek.x86_64
Changes
PAM Modules (pam_succeed_if.so and pam_deny.so) which authenticate/validate user access have been disabled.
Issue was noticed post Exadate image upgrade. However, looking at backup file created by upgrade process, it appears that the problem was present even before.
Even in backup file specified modules invocation was commented-out.
<<<
$ ls -la password-auth.backupByExadata
-rwxrwxrwx 1 oracle dba 1282 Jul 22 05:25 password-auth.backupByExadata
$ cat password-auth.backupByExadata
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth required pam_unix.so try_first_pass
#auth requisite pam_succeed_if.so uid >= 500 quiet <<---------- commented-out in backup file also
auth sufficient pam_ldap.so use_first_pass
#auth required pam_deny.so <<---------- commented-out in backup file also
<skipped>
>>>
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |