PAM Authentication / Login

4

1

I'm having a little issue on Ubuntu where any commands that require root privileges takes longer to execute than normal. I managed to identify the culprit to the cause after checking my /var/log/auth.log and I believe it's to do with krb5 PAM for authentication.

Not too long ago I had recently installed SLiM, a Simple Login Manager for Ubuntu, which requires the use of PAM to authenticate login to a user account from the main login screen. I just trying to figure out how I can only have PAM Authentications just for the main login screens and not the whole system, because any time I want to run sudo from Terminal or an authentication dialogue comes up for me to enter passwords it takes up to 1-2 minutes just to authenticate a given command or task.

Is there any specific pam_krb5 packages I could safely remove that I don't really need to fix this or…?

here's a little paste out of my auth logs.

Jan 31 15:43:59 VAIO polkit-agent-helper-1[26330]: pam_krb5(polkit-1:auth): authentication failure; logname=alkaris uid=1000 euid=0 tty= ruser=alkaris rhost=

Jan 31 15:44:00 VAIO polkit-agent-helper-1[26330]: pam_ecryptfs: pam_sm_authenticate: /home/alkaris is already mounted

Jan 31 15:48:42 VAIO sudo: pam_krb5(sudo:auth): authentication failure; logname=alkaris uid=1000 euid=0 tty=/dev/pts/4 ruser=alkaris rhost=

Jan 31 15:48:43 VAIO sudo: pam_unix(sudo:session): session opened for user root by alkaris(uid=0)

Jan 31 15:51:43 VAIO sudo: pam_unix(sudo:session): session closed for user root

Jan 31 15:51:46 VAIO sudo: pam_unix(sudo:session): session opened for user root by alkaris(uid=0)

Jan 31 15:51:46 VAIO su[26595]: pam_unix(su:session): session opened for user root by alkaris(uid=0)

Jan 31 15:52:26 VAIO su[26595]: pam_unix(su:session): session closed for user root

Jan 31 15:52:26 VAIO sudo: pam_unix(sudo:session): session closed for user root

Jan 31 15:53:56 VAIO sudo: pam_krb5(sudo:auth): authentication failure; logname=alkaris uid=1000 euid=0 tty=/dev/pts/4 ruser=alkaris rhost=

Jan 31 15:54:05 VAIO sudo: pam_unix(sudo:auth): authentication failure; logname=alkaris uid=1000 euid=0 tty=/dev/pts/4 ruser=alkaris rhost= user=alkaris

Jan 31 15:54:18 VAIO sudo: pam_krb5(sudo:auth): authentication failure; logname=alkaris uid=1000 euid=0 tty=/dev/pts/4 ruser=alkaris rhost=

Jan 31 15:55:33 VAIO sudo: pam_unix(sudo:session): session opened for user root by alkaris(uid=0)

Jan 31 15:56:55 VAIO sudo: pam_unix(sudo:session): session closed for user root

Jan 31 16:09:01 VAIO CRON[26694]: pam_unix(cron:session): session opened for user root by (uid=0)

Jan 31 16:09:02 VAIO CRON[26694]: pam_unix(cron:session): session closed for user root

Jan 31 16:17:01 VAIO CRON[26821]: pam_unix(cron:session): session opened for user root by (uid=0)

Jan 31 16:17:01 VAIO CRON[26821]: pam_unix(cron:session): session closed for user root

Jan 31 16:39:01 VAIO CRON[26956]: pam_unix(cron:session): session opened for user root by (uid=0)

Jan 31 16:39:01 VAIO CRON[26956]: pam_unix(cron:session): session closed for user root

if you need a print out of what I currently have installed, package-wise of PAM Authentication I can post them.

theguest

Posted 2014-01-31T06:24:13.297

Reputation: 41

So is everyone clueless on this or what? How do I remove PAM from being system-wide instead of just for login purposes? – theguest – 2014-02-04T13:26:41.063

Answers

1

Actually, PAM is always enabled, but you can use different auth modules for different services.

If pam_krb5 isn't being used at all and is the cause of the problems, you can remove it (or comment it) from /etc/pam.d/common-auth. pam_unix.so is the default pam auth module.

Make a backup of the common-auth file and leave open a root shell while testing so you can restore if needed. Making a mistake in this file WILL lock you out of your machine.

AlexKing

Posted 2014-01-31T06:24:13.297

Reputation: 66

Asked: 2014-01-31T06:24:13.297

Viewed: 3 434 times

Active: 2014-12-19T22:46:36.640