PAM issue not sure where to put this question

Latest response

running into an issue where I get
Changing password for user mpb.
passwd: Module is unknown

trace of my login attempt:
Apr 12 08:59:39 SDSVR sshd[6777]: User jsp not allowed because shell /home/jsp:/bin/bash does not exist
Apr 12 09:00:06 SDSVR passwd[6779]: PAM unable to dlopen(/usr/lib64/security/pam-cracklib.so): /usr/lib64/security/pam-cracklib.so: cannot open shared object file: No such file or directory
Apr 12 09:00:06 SDSVR passwd[6779]: PAM adding faulty module: /usr/lib64/security/pam-cracklib.so
Apr 12 09:00:06 SDSVR passwd[6779]: PAM pam_parse: expecting return value; [...sufficent]

vi password-auth-ac
auth required pam_env.so
auth required pam_faildelay.so delay=2000000
auth [default=1 ignore=ignore success=ok] pam_succeed_if.so uid >= 1000 quiet
auth [default=1 ignore=ignore success=ok] pam_localuser.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth sufficient pam_sss.so forward_pass
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so

account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account [default=bad success=ok user_unknown=ignore] pam_winbind.so

account [default=bad success=ok user_unknown=ignore] pam_sss.so

account required pam_permit.so

password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_typ=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_winbind.so use_authtok

password sufficient pam_sss.so use_authtok

password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_systemd.so
session optional pam_oddjob_mkhomedir.so skel=/etc/skel umask=0077
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_sss.so

Not sure where to look next ?

Responses

You may want to see this solution article for possible fixes.

Not sure if this is part of the issue, but it looks like you may have an extra colon in your /etc/password for user "jsp".

Apr 12 08:59:39 SDSVR sshd[6777]: User jsp not allowed because shell /home/jsp:/bin/bash does not exist

It looks like there is a colon in the name portion, since the home section and the shell section are combined. Here is a correct entry in /etc/password

ra:x:1000:1000:Rescue Account:/home/ra:/bin/bash 

An entry like this will produce the error message above.

ra:x:1000:1000:Rescue:Account:/home/ra:/bin/bash