Can't log in as root when require_auditd is set in PAM configuration files (sshd and login)

Solution Verified - Updated -

Issue

When adding the following to /etc/pam.d/sshd:

session required pam_loginuid.so require_auditd

root can't login via ssh anymore, with the following messages logged in /var/log/secure:

Aug 27 16:46:17 rhel6 sshd[1654]: Accepted password for root from ::1 port 47123 ssh2
Aug 27 16:46:17 rhel6 sshd[1654]: pam_unix(sshd:session): session opened for user root by (uid=0)
Aug 27 16:46:17 rhel6 sshd[1654]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session
Aug 27 16:46:17 rhel6 sshd[1654]: Received disconnect from ::1: 11: disconnected by user

Login via sshd works fine when require_auditd is not present in sshd's PAM configuration file.

auditd is running at the time of the tests.

Environment

  • Red Hat Enterprise Linux 6
  • auditd managed by upstart instead of rc scripts

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content