我正在努力解决RHEL 7中的错误。我有一个REHL Image,只能通过SSH密钥访问,而无需用户/密码凭据。
为了防止90天后密码更新过程(使用SSH密钥无法实现),我在etc / pam.d / password-auth中添加了no_pass_expiry
但是当我尝试sudo时,我收到以下错误
pam.d]$ sudo su -
sudo: pam_open_session: System error
sudo: policy plugin failed session initialization
这只发生在90天之后。
您的密码可能已过期。例如...这里是一个过期用户的sudo:
[user@server ~]$ sudo whoami
sudo: pam_open_session: System error
sudo: policy plugin failed session initialization
[user@server ~]$
[user@server ~]$ chage -l user
Last password change : May 07, 2018
Password expires : Aug 05, 2018
Password inactive : never
Account expires : never
Minimum number of days between password change : 1
Maximum number of days between password change : 90
Number of days of warning before password expires : 10
现在,如图所示,在重置过期标志后,sudo按预期工作:
[root@server]# chage -m 0 -M 99999 -I -1 -E -1 user
[root@server]# chage -l user
Last password change : May 07, 2018
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 10
[user@server ~]$ sudo whoami
root
您可以通过检查类似的消息来确认/var/log/secure,如下所示:
Feb 27 16:59:14 server sudo: pam_unix(sudo:account): expired password for user user (password aged)
Feb 27 16:59:14 server sudo: user : TTY=pts/0 ; PWD=/home/user ; USER=anotheruser ; COMMAND=/usr/bin/whoami