Skip to main content
Unix & Linux

Return to Revisions

7 of 8
used the source
MattBianco
MattBianco
  • 3.8k
  • 7
  • 32
  • 47

What does "Cannot make/remove an entry for the specified session" mean?

Instead of logging me in, PAM greets me with the message "Cannot make/remove an entry for the specified session" after I enter the password. What entry is it talking about (and what session)?

The string with the error message is found in libpam.so.0(.83.1).

My system is based on binaries from Fedora release 20 (Heisenburg).

How can I troubleshoot PAM to figure out what is needed to successfully login? I have no syslog (and no persistent disk, only an initramfs).

Updates:

SELinux is Disabled.

I am more than willing to replace the entire PAM config with something simple that allows login (normal user and root) on the virtual consoles only.

Source code from Linux-PAM-1.1.8, libpam/pam_strerror.c reveals that the message means PAM_SESSION_ERR.

Below are my config files based on the comment indicating /etc/pam.d/login as a starting point:

(I have also tried removing all lines containing pam_loginuid.so without any noticeable difference)

/etc/pam.d/login:

auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth       substack     system-auth
auth       include      postlogin
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
session    required     pam_selinux.so close
session    required     pam_loginuid.so
session    optional     pam_console.so
session    required     pam_selinux.so open
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      system-auth
session    include      postlogin
-session   optional     pam_ck_connector.so

/etc/pam.d/postlogin:

session     [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
session     [default=1]   pam_lastlog.so nowtmp showfailed
session     optional      pam_lastlog.so silent noupdate showfailed

/etc/pam.d/system-auth:

auth        required      pam_env.so
auth        sufficient    pam_fprintd.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
auth        required      pam_deny.so
account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 1000 quiet
account     required      pam_permit.so
password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
-session     optional      pam_systemd.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

I have these shared PAM-related libraries:

libpam_misc.so.0
libpam.so.0
pam_access.so
pam_console.so
pam_deny.so
pam_env.so
pam_fprintd.so
pam_gnome_keyring.so
pam_keyinit.so
pam_lastlog.so
pam_limits.so
pam_localuser.so
pam_loginuid.so
pam_namespace.so
pam_nologin.so
pam_permit.so
pam_pkcs11.so
pam_pwquality.so
pam_rootok.so
pam_securetty.so
pam_selinux_permit.so
pam_selinux.so
pam_sepermit.so
pam_succeed_if.so
pam_systemd.so
pam_timestamp.so
pam_unix_acct.so
pam_unix_auth.so
pam_unix.so
pam_xauth.so

as well as these that are referenced by the above shared libraries (according to ldd):

libattr.so.1
libaudit.so.1
libcap.so.2
libcrack.so.2
libcrypt.so.1
libc.so.6
libdbus-1.so.3
libdbus-glib-1.so.2
libdl.so.2
libffi.so.6
libfreebl3.so
libgcc_s.so.1
libgio-2.0.so.0
libglib-2.0.so.0
libgmodule-2.0.so.0
libgobject-2.0.so.0
liblzma.so.5
libnsl.so.1
libnspr4.so
libnss3.so
libnssutil3.so
libpcre.so.1
libpcre.so.3
libplc4.so
libplds4.so
libpthread.so.0
libpwquality.so.1
libresolv.so.2
librt.so.1
libselinux.so.1
libsmime3.so
libssl3.so
libutil.so.1
libz.so.1
MattBianco
  • 3.8k
  • 7
  • 32
  • 47