-
Title
After updating systemd to version 246.16-150300.7.39.1.x86_64 on SLES 15 users cannot authenticate. FAILURE: 604 /etc/pam.d/common-auth does not appear to be configured to use SAS. -
Description
After updating systemd to version 246.16-150300.7.39.1.x86_64 on SLES 15 users cannot authenticate.
vastool status shows:
FAILURE: 604 /etc/pam.d/common-auth does not appear to be configured to use SAS.The systemd update is removing pam configurations.
Example:
zypper install systemd
The following NEW package is going to be installed:
systemd-lang
The following 3 packages are going to be upgraded:
systemd systemd-sysvinit udev
You can see when it's upgrading systemd it gets into the PAM configurations:
Installing: systemd-246.16-150300.7.39.1.x86_64
Additional rpm output:
warning: /etc/pam.d/systemd-user created as /etc/pam.d/systemd-user.rpmnew
common-auth-pc: Unknown module pam_vas3.so, ignored!
common-auth-pc: Unknown module pam_vas3.so, ignored!
Immediately after this, the PAM files are altered.
For example common-auth-pc goes from this:
auth required pam_env.so
auth sufficient pam_vas3.so create_homedir get_nonvas_pass
auth requisite pam_vas3.so echo_return
auth required pam_unix.so try_first_pass use_first_pass
account required pam_warn.so
account required pam_deny.so
password required pam_warn.so
password required pam_deny.so
session required pam_warn.so
session required pam_deny.so
To this:
auth required pam_env.so
auth required pam_unix.so try_first_pass -
Cause
The systemd update is removing pam configurations. -
Resolution
Run the following command to restore the Safeguard Authentication Services PAM configurations:
/opt/quest/bin/vastool configure pam