microsoft / omi

Open Management Infrastructure

[SLES 15] pam_warn(omi:session) message flood #712

Open mzima opened 2 years ago

mzima commented 2 years ago

We are using the omi-1.6.8-1 RPM package on SLES 15.3 and our journald message facility gets flooded with this kind of pam_warn / pam_sm_close_session messages:

2021-12-29T11:16:23.008028+01:00 l9800022 omiserver: pam_warn(omi:session): function=[pam_sm_close_session] flags=0x8000 service=[omi] terminal=[] user=[dummyuser] ruser=[<unknown>] rhost=[<unknown>]

The reason for this message is that session handling currently is not defined in /etc/pam.d/omi:

#%PAM-1.0
# The configuration of omi is generated by the omi installer.
auth        requisite   pam_nologin.so
auth        include     common-auth
account     requisite   pam_nologin.so
account     include     common-account

The session message from omiserver is therefore handled by /etc/pam.d/other which makes use of pam_warn.so (SLES default):

#%PAM-1.0
auth     required       pam_warn.so
auth     required       pam_deny.so
account  required       pam_warn.so
account  required       pam_deny.so
password required       pam_warn.so
password required       pam_deny.so
session  required       pam_warn.so
session  required       pam_deny.so

The pam_sm_close_session use itself was introduced by this commit a couple of years ago:

Can someone please have a look at this issue? Our current workaround is to modify the /etc/pam.d/other file, but our expectation would be that the omi PAM file should take care of session handling.

Cheers, Martin
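
Added example (not part of the original post and not code from the OMI project): a small checker that reports which PAM management groups a service file leaves undefined and which modules /etc/pam.d/other then supplies for them, as described in the comment above. The function names are hypothetical, and the sample files are constructed from the two listings quoted in the post.

```python
"""Report which PAM management groups of a service fall through to 'other'."""
import re
import tempfile
from pathlib import Path

GROUPS = ("auth", "account", "password", "session")
# type, control (plain word or [bracketed list]), module; a leading "-" on the type is allowed
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse_pam_file(path):
    """Return {group: [(control, module), ...]} for one /etc/pam.d file."""
    stacks = {g: [] for g in GROUPS}
    text = Path(path).read_text().replace("\\\n", " ")  # join continued lines
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())    # drop comments
        if m and m.group(1).lower() in stacks:
            # Simplification: an "include" line counts as defining the group.
            stacks[m.group(1).lower()].append((m.group(2), m.group(3)))
    return stacks

def fallthrough(pam_dir, service):
    """Map each group the service leaves undefined to the stack 'other' supplies."""
    own = parse_pam_file(Path(pam_dir) / service)
    other = parse_pam_file(Path(pam_dir) / "other")
    return {g: other[g] for g in GROUPS if not own[g]}

# Constructed sample input, copied from the listings in the issue.
OMI = """#%PAM-1.0
# The configuration of omi is generated by the omi installer.
auth        requisite   pam_nologin.so
auth        include     common-auth
account     requisite   pam_nologin.so
account     include     common-account
"""
OTHER = "#%PAM-1.0\n" + "".join(
    f"{g:<9}required       pam_{m}.so\n" for g in GROUPS for m in ("warn", "deny"))

def demo():
    """Write the sample files to a temporary directory and check 'omi'."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "omi").write_text(OMI)
        (Path(d) / "other").write_text(OTHER)
        return fallthrough(d, "omi")

if __name__ == "__main__":
    for group, stack in demo().items():
        print(f"{group}: not defined for service, handled by 'other' -> {stack}")
```

On a real host, `fallthrough("/etc/pam.d", "omi")` runs the same check against the installed files.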

JumpingYang001 commented 2 years ago

@mzima we will check it and let you know if there is any update, thanks.

eeagle commented 1 year ago

The same problem exists under SLES12SP5.

@mzima How did you change the /etc/pam.d/other file?

mzima commented 1 year ago

@eeagle I changed it manually.

eeagle commented 1 year ago

etc/pam.d/other

@mzima I mean, what does your fix in the /etc/pam.d/other file look like? ;-)

mzima commented 1 year ago

@eeagle

You have to remove or comment the "session required pam_warn.so" line:

#%PAM-1.0
auth     required       pam_warn.so
auth     required       pam_deny.so
account  required       pam_warn.so
account  required       pam_deny.so
password required       pam_warn.so
password required       pam_deny.so
#session  required       pam_warn.so
session  required       pam_deny.so

That's all :)

eeagle commented 1 year ago

Thank you :-)