Getting Error "cannot make/remove an entry for the specified session" after setting up pam_tty_audit.so with default settings

Environment

Red Hat Enterprise Linux 7

Issue

When trying to log in after adding the pam_tty_audit.so module to your PAM stack, you get the error:

cannot make/remove an entry for the specified session

This error is caused by the kernel parameter audit being set to 0.

Resolution

We can use the sysctl command to check what kernel parameters we have active:

sudo sysctl -a | grep audit

This will return either audit=1 or audit=0. If it returns nothing, the parameter is unset. If it returns audit=0, the value can be changed via the configuration files in /etc/sysctl.d/99-custom.conf. More information on these files and how to change them is here.

Root Cause

The PAM module pam_tty_audit.so requires the kernel parameter audit to be set to 1 or left unset (the default). It cannot be audit=0 (auditing off); in that case the module returns an error and nobody can log in. An administrator who wants to disable auditing completely and suppress audit messages from appearing in the journal may have set audit=0 as a kernel parameter.
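
A pre-flight check for the condition described above, written as an added example (not Red Hat's code): it flags the combination of audit=0 and an active pam_tty_audit.so line before anyone is locked out. It assumes the audit= value is read from the kernel command line (/proc/cmdline on a live system); the function names, file names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect the audit=0 + pam_tty_audit.so lockout condition.
# Assumption: the audit= setting comes from the kernel command line.

# audit_state CMDLINE_FILE -> prints "0", "1" or "unset"
audit_state() {
    # Assumption: if audit= is given more than once, the last one is used.
    state=$(tr ' ' '\n' < "$1" | grep '^audit=' | tail -n 1) || true
    state=${state#audit=}
    printf '%s\n' "${state:-unset}"
}

# tty_audit_files PAM_DIR -> prints PAM files with an active
# (not commented out) pam_tty_audit.so line
tty_audit_files() {
    grep -lE '^[[:space:]]*[^#[:space:]].*pam_tty_audit\.so' "$1"/* 2>/dev/null || true
}

# check_lockout CMDLINE_FILE PAM_DIR -> returns 1 if logins would fail
check_lockout() {
    state=$(audit_state "$1")
    files=$(tty_audit_files "$2")
    if [ -n "$files" ] && [ "$state" = 0 ]; then
        echo "RISK: audit=0 while pam_tty_audit.so is active in:" $files
        return 1
    fi
    echo "OK: audit=$state, pam_tty_audit.so active in: ${files:-none}"
    return 0
}

# Constructed sample data (not taken from a real host)
demo=$(mktemp -d)
mkdir "$demo/pam.d"
printf 'BOOT_IMAGE=/vmlinuz ro quiet audit=0\n' > "$demo/cmdline"
printf 'session required pam_tty_audit.so enable=*\n' > "$demo/pam.d/sshd"
check_lockout "$demo/cmdline" "$demo/pam.d" || echo "Fix the audit setting before closing this session."
rm -rf "$demo"
```

On a real system, call check_lockout /proc/cmdline /etc/pam.d from a session that is already logged in, so that a bad result can be corrected before the next login attempt.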

Diagnostic Steps

When trying to log in after setting up pam_tty_audit.so you get the error:

cannot make/remove an entry for the specified session
  • Component
  • pam
