Open InformTechPro opened 2 years ago
JumpingYang001
commented
2 years ago @InformTechPro it is a message logged by system, since /etc/pam.d/omi sets omi user as a nologin user, that means no one should login as omi user. The message means someone want to login with omi user and system logs it.
InformTechPro
commented
2 years ago @JumpingYang001 Do we have any option(s) to trace which service triggers the operation?
JumpingYang001
commented
2 years ago @InformTechPro need some time to investigate, if find something will update you, thanks.
InformTechPro
commented
2 years ago @JumpingYang001 We deleted/commented the line:”account required pam_nologin.so” in /etc/pam.d/omi. No longer seeing “pam_lologin(omi:account)” messages generated in /var/log/secure log, but continue to monitor.
Red Hat 7.9 servers are logging "omiserver pam_nologin(omiaccount): conversation failed" and "pam_nologin(omiaccount):conversation failed errors. The errors reference omiserver processname and authpriv facility. Please help clarify the impact of the error on omi functionality as well as corrective function to address the error. We checked /etc/pam.conf configuration file, but it's blank.