Can't log in as root when require_auditd is set in PAM configuration files (sshd and login)

Solution Verified - Updated -

Issue

When adding the following to /etc/pam.d/sshd:

session required pam_loginuid.so require_auditd

root can't login via ssh anymore, with the following messages logged in /var/log/secure:

Aug 27 16:46:17 rhel6 sshd[1654]: Accepted password for root from ::1 port 47123 ssh2
Aug 27 16:46:17 rhel6 sshd[1654]: pam_unix(sshd:session): session opened for user root by (uid=0)
Aug 27 16:46:17 rhel6 sshd[1654]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session
Aug 27 16:46:17 rhel6 sshd[1654]: Received disconnect from ::1: 11: disconnected by user

Login via sshd works fine when require_auditd is not present in sshd's PAM configuration file.

auditd is running at the time of the tests.

Environment

  • Red Hat Enterprise Linux 6
  • auditd managed by upstart instead of rc scripts

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.