Host Access Control Is Causing Problems Within Exadata Systems. (Doc ID 2474247.1)

Last updated on JANUARY 30, 2020

Applies to:

Exadata X6-2 Hardware - Version All Versions and later
Information in this document applies to any platform.

Symptoms

A change is made to the /etc/pam.d/system-auth and /etc/pam.d/password-auth files, and the host_access_control module does not accept the change.

The default line is:

password requisite pam_passwdqc.so min=5,5,5,5,5 similar=deny enforce=everyone max=40

Comment this line out and add the line below:

password required pam_cracklib.so debug retry=3 difok=5 minlen=12 dcredit=-1 ucredit=-2 lcredit=-2 ocredit=-2 minclass=4 maxrepeat=2 maxsequence=4 reject_username

The two *-auth files then look like this:

password required pam_cracklib.so debug retry=3 difok=5 minlen=12 dcredit=-1 ucredit=-2 lcredit=-2 ocredit=-2 minclass=4 maxrepeat=2 maxsequence=4 reject_username
#password requisite pam_passwdqc.so min=5,5,5,5,5 similar=deny enforce=everyone max=40
password sufficient pam_unix.so debug audit try_first_pass use_authtok sha512 shadow remember=10
password required pam_deny.so

Running the host_access_control module produces an error:

#####dm01[root] /etc/pam.d # /opt/oracle.cellos/host_access_control get-runtime
[2018-08-29 09:25:56 -0400] [ERROR] [IMG-SEC-0A11] Unable to complete requested action.
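
An added example, not part of the Oracle note or of host_access_control: a Python check that parses a pam.d file, reports how its password stack differs from the default pam_passwdqc line quoted above, and flags any active line that is not a valid PAM rule. The function names are hypothetical, the sample input is constructed from the lines above with each rule on one line, and the check makes no claim about what host_access_control itself validates.

```python
import re
import sys

DEFAULT_MODULE = "pam_passwdqc.so"   # module named in the default line quoted above
TYPES = {"auth", "account", "password", "session"}
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

# Constructed sample: the password stack shown above, each rule on one line.
SAMPLE = (
    "password required pam_cracklib.so debug retry=3 difok=5 minlen=12 "
    "dcredit=-1 ucredit=-2 lcredit=-2 ocredit=-2 minclass=4 maxrepeat=2 "
    "maxsequence=4 reject_username\n"
    "#password requisite pam_passwdqc.so min=5,5,5,5,5 similar=deny "
    "enforce=everyone max=40\n"
    "password sufficient pam_unix.so debug audit try_first_pass use_authtok "
    "sha512 shadow remember=10\n"
    "password required pam_deny.so\n"
)

def parse(text):
    """Split a pam.d file into active rules, commented-out rules and stray lines."""
    active, commented, stray = [], [], []
    text = text.replace("\\\n", " ")          # a trailing backslash continues a rule
    for number, raw in enumerate(text.splitlines(), 1):   # numbers are logical lines
        line = raw.strip()
        is_comment = line.startswith("#")
        m = RULE.match(line.lstrip("#").strip())
        if m and m.group(1) in TYPES:
            rule = (m.group(1), m.group(2), m.group(3).rsplit("/", 1)[-1])
            (commented if is_comment else active).append(rule)
        elif line and not is_comment:
            stray.append((number, line))      # e.g. a rule wrapped without a backslash
    return active, commented, stray

def password_drift(text):
    """List how the password stack differs from the default pam_passwdqc line."""
    active, commented, stray = parse(text)
    mods = [mod for typ, _, mod in active if typ == "password"]
    findings = []
    if DEFAULT_MODULE not in mods:
        was = any(t == "password" and m == DEFAULT_MODULE for t, _, m in commented)
        findings.append(f"{DEFAULT_MODULE}: {'commented out' if was else 'absent'}")
    findings += [f"{m}: active" for m in mods if m in ("pam_cracklib.so", "pam_pwquality.so")]
    findings += [f"line {n}: not a PAM rule: {s}" for n, s in stray]
    return findings

if __name__ == "__main__":
    for path in sys.argv[1:] or [None]:
        text = open(path).read() if path else SAMPLE
        print(path or "<constructed sample>", password_drift(text))
```

Pass /etc/pam.d/system-auth and /etc/pam.d/password-auth as arguments to check both files; with no arguments it runs on the constructed sample.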

Cause
