在 centos 7 上我有以下 pam 配置:
cat /etc/pam.d/passwd
#%PAM-1.0
auth include system-auth
account include system-auth
password substack system-auth
-password optional pam_gnome_keyring.so use_authtok
password substack postlogin
和
cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so try_first_pass nullok
auth required pam_deny.so
account required pam_unix.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow nis
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
account required pam_slurm.so
但是当我以用户身份运行“passwd”时,它会询问我当前的密码、新密码并重新输入,然后失败
passwd
Changing password for user test.
Changing password for test.
(current) UNIX password:
New password:
Retype new password:
passwd: Authentication token manipulation error
以及如何修复或调试这个问题的想法?
注意:yppasswd 工作正常,只是 passwd 失败
更新:我在不同的服务器上尝试了相同的配置,并且它可以工作。所以我认为问题出在服务器端,而不是客户端。仍然不知道如何正确调试它。