Layer7 Privileged Access Management

Expand all | Collapse all

After install CA PIM agent 12.8 SP1, linux regular users cannot login

Jump to Best Answer
  • 1.  After install CA PIM agent 12.8 SP1, linux regular users cannot login

    Posted 02-26-2018 01:14 PM
    Hi Gurus,
    Regular users cannot login to the linux server, only root can
    Doing a diff command on /etc/pam.d files password-auth-cm and system-auth-cm before and after CA PIM agent Installation I see several lines that was inserted by CA PIM.
    auth       optional     pam_seos.so
    account    optional     pam_seos.so
     password  sufficient  pam_seos.so
    session    optional     pam_seos.so
    If I deleted these lines, I get again access to the server not only with root user.
    Regards


  • 2.  Re: After install CA PIM agent 12.8 SP1, linux regular users cannot login

    Posted 02-26-2018 02:02 PM

    Hi Sergio,

     

    Do you have SELinux enabled on the affected server? We have seen issues in the past where SELinux running concurrently with PIM can cause issues logging in. If it is enabled, I would suggest going to /opt/CA/AccessControl/lbin and running sshd_policy.sh to test if that resolves your issue.

     

    If that does not work, or if SELinux is not enabled on the server, than it is likely an issue with a rule in seosdb. After a user fails to log into the server, what does the seaudit output show?

     

    Thanks,

    Brian Rehder

    CA Support Engineer



  • 3.  Re: After install CA PIM agent 12.8 SP1, linux regular users cannot login

    Posted 02-26-2018 02:32 PM

    Thanks Brian.. but no, SElinux is not enable, the Linux servers (RHEL 7) have applied CIS L1 hardening..

    We have no any rule enable.. either CA PIM agent running or not, cannot login..



  • 4.  Re: After install CA PIM agent 12.8 SP1, linux regular users cannot login
    Best Answer

    Posted 02-27-2018 04:37 PM

    The CIS L1 hardening is causing the issue with the PAM stack, please open an issue so we can investigate the root cause. When you open the case, please include any documentation you used to perform the CIS L1 hardening. In addition, please use the command `ssh -v USER@SERVER` to perform a debug SSH connection to reproduce the issue, this way we can see where it is failing.



  • 5.  Re: After install CA PIM agent 12.8 SP1, linux regular users cannot login

    Posted 02-27-2018 04:49 PM

    Thanks Brian.. I will open a case.