zoukankan      html  css  js  c++  java
  • Linux: Authentication token is no longer valid

    遇见问题:

    [oracle@sxty-jkdb-184:/u01/rman]crontab -l

    Authentication token is no longer valid; new one required
    You (oracle) are not allowed to access to (crontab) because of pam configuration.

    PAM Configuration

    The /etc/pam.d/ directory contain the PAM configuration files for each PAM-aware application.Each service has file in the /etc/pam.d which has the same name as the service.

    For Instance, the crond service pam file is below:

    [root@sxty-jkdb-184 pam.d]# more /etc/pam.d/crond  
    #
    # The PAM configuration file for the cron daemon
    #
    #
    # No PAM authentication called, auth modules not needed
    account    required   pam_access.so
    account    include    password-auth
    session    required   pam_loginuid.so
    session    include    password-auth
    auth       include    password-auth

    PAM Configuration File Format

    Module_interface control_flag module_name module_argument

    1. account required pam_access.so
    2. account include password-auth
    3. session required pam_loginuid.so
    4. session include password-auth
    5. auth include password-auth

    Module_interface: 
    auth: This module interface authenticates use. For example, it request and verifies the validity of a password. 
    account: This module interface verified whether the access is allowed. For example, it check if a user account has expired of if a user is allowed to log in at a partical time of day. 
    password: This module interfce is used to changing user passwords. 
    session:This module interface configure and manager user sessions.

    PAN Control Flag: 

    required:The module result must be successful for authentication to continue. If the test fails at this point, the users will not be notified. 
    requisite:Unlike required,if the test fails, the user will be notified immediately with a message reflectin the first failed required or requisite module test. 
    optional:The result is ignored. 
    include:Unlike the other controls,it does not relate to how the module result is handled.

    Solution

    Because the crond service must authenticate the user’s password. 
    So we can check the user password information:

    chage -l oracle
    Last password change                                    : Jun 29, 2016
    Password expires                                        : Sep 27, 2016
    Password inactive                                       : never
    Account expires                                         : never
    Minimum number of days between password change          : 0
    Maximum number of days between password change          : 90
    Number of days of warning before password expires       : 7

    If you find the password has expired, you can change the password and set the maxdays to 9999.

    1. password username:
    2. Command : chage -M 9999 username

    After that ,you can check if the file /etc/shadow has updated the maxdays for the specified user.Just like this:

    oracle:$6$ekeLH8BN$jMHTbAD93/tshRAXLT8C4yXhLLKjGO/uD2XlYTGY5FEutldUMIc2yBMRkR.JSvoJi9h0d/rRVwtfG8XJWhco.1:17266:0:9999:7:::
    grid:$6$SxaJT4Oo$ywpu/7nAEAuml1pGr7KVNiOjjEiJ/JBJFW3.cEwog2Wuy2pAetL0geWz.xc3krgX1Bs69K55pTUHH305xSScG1:17266:0:9999:7:::

  • 相关阅读:
    ubuntu中apt-get安装与默认路径
    css计数器
    jq实现多级菜单
    video文件格式说明(笔记)
    css文字闪烁效果
    video设置视频的播放位置(本例中实现效果是视频第一次播放完成后,接下来中从视频的中间部位开始循环播放)
    css3鼠标经过出现转圈菜单(仿)
    jq弹框 (1)内容自适应宽度 2(内容框显示,几秒后自动消失)
    jq实现 元素显示后 点击页面的任何位置除元素本身外 隐藏元素
    nginx https配置记录
  • 原文地址:https://www.cnblogs.com/likingzi/p/6691320.html
Copyright © 2011-2022 走看看