You are not allowed to access to (crontab) because of pam configuration.

Hey look, a real live Linux post.

Sure enough, and right as rain I am back with something that is not about networking (yeah!) and not about Solaris (boo!).

This is a short story about how we had a user who was a member of our database team who was attempting to make modifications to the oracle user’s crontab. They kept running into the error below.

Authentication token expired
You (oracle) are not allowed to access to (crontab) because of pam configuration.

Remembering that the oracle account is a special account without a password or the ability to log in, I figured that it had something to do with the lack of a password or something related.

I used the chage command to determine that the password was not expired, but rather that the account was considered inactive. This was probably due to the fact that we locked down login permissions for service users on this box, but did not take into account that this user needed to log in from time to time to keep the account from becoming inactive.

# chage -l oracle
Last password change                                    : Mar 25, 2013
Password expires                                        : Apr 22, 2013
Password inactive                                       : May 06, 2013
Account expires                                         : never
Minimum number of days between password change          : 7
Maximum number of days between password change          : 28
Number of days of warning before password expires       : 7

Now what's funny about this issue is that it's pretty much a time bomb waiting to go off. You lock down logins for service accounts and forget to modify the inactive or expiration dates, and some day in the near future your users' cron jobs will stop running, which could cause all hell to break loose depending on what's running out of cron.

The fix is as follows.

# chage -I -1 -m 0 -M 99999 -E -1 oracle

Then use chage again to check out the sexy new settings.

# chage -l oracle
Last password change                                    : Mar 25, 2013
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
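
The time bomb described above can be spotted before it goes off by checking the aging fields of every service account. This is an added example, not part of the original post: `audit_aging` and `sample_shadow` are hypothetical names, the sample entries are constructed (day 15789 is Mar 25, 2013, matching the chage output above), and the thresholds approximate the shadow(5) aging rules, so the exact boundary day may differ by one from your PAM module.

```shell
#!/bin/sh
# Added example: classify shadow(5) entries by password-aging state.
# Usage on a real host, as root:
#   audit_aging "$(( $(date +%s) / 86400 ))" < /etc/shadow
# Fields: name:passwd:lastchg:min:max:warn:inactive:expire:reserved
audit_aging() {
    awk -F: -v today="$1" '
    /^#/ || NF < 8 { next }          # skip comments and malformed lines
    {
        last = $3; max = $5; inact = $7; acct_exp = $8
        status = "OK"
        age = today - last           # days since the last password change
        # Aging applies only with a real lastchg and a finite maximum age;
        # 99999 is the conventional "no maximum" value used in the fix.
        aging = (last != "" && last + 0 > 0 && max != "" && max + 0 >= 0 && max + 0 < 99999)
        if (acct_exp != "" && acct_exp + 0 >= 0 && today + 0 >= acct_exp + 0)
            status = "ACCOUNT_EXPIRED"      # absolute account expiry date passed
        else if (aging && inact != "" && inact + 0 >= 0 && age > max + inact)
            status = "INACTIVE"             # cron and login refused by the account check
        else if (aging && age > max)
            status = "PASSWORD_EXPIRED"     # past max age, not yet inactive
        else if (aging)
            status = "AGING_ENABLED"        # works today, will expire later
        print $1, status
    }'
}

# Constructed sample data, not taken from a real system.
sample_shadow() {
    cat <<'EOF'
# name:passwd:lastchg:min:max:warn:inactive:expire:reserved
oracle:!!:15789:7:28:7:14::
oracle_fixed:!!:15789:0:99999:7:::
appsvc:!!:15789:7:28:7:::
batch:!!:15830:0:90:7:14::
tempacct:!!:15789:0:99999:7::15800:
EOF
}

# Evaluate the sample as of day 15840 (May 15, 2013).
sample_shadow | audit_aging 15840
```

Any service account reported as `AGING_ENABLED` still works today but will hit the same crontab error once its maximum age and inactivity window pass.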


Vmware VCenter Virtual Appliance – Death to Windows.. I think.

I am, and have always been, a Linux/Unix Administrator, until VMware forced me to learn a bit of Windows.

This, above all, has been the very WORST part about VMware. Just to run Virtual Center, I had to BUY Windows, I had to install Windows, and I had to try to learn Windows. Oh, and then I had to slap some sort of virus protection on it, and figure out how to patch it. And then, worst of all, try to authenticate to it, as I am not administering Active Directory. No, I use OpenLDAP, as any Linux/Unix admin would.

Then on top of that I needed Windows to even run the VCenter Client and connect to my VCenter Server. Well hell, I don't run Windows, not even on my desktop, not even on my laptop… not at home and not in the office. It's been this way for 5 years and VMware is not going to make me change this.

Now, flash forward to VSphere 5.1, and lo and behold, what is this? A real, fully functioning web client for VCenter. OK, now we are getting somewhere. Now, I have not had a ton of experience with it, but my first impressions are pretty good. It's flashy, it's fast, and it appears to be fully functioning.

To further make my day, the VMware VCenter Appliance is now no longer beta (this is probably old news to most). For those who are not in the know, it's Linux (albeit SUSE). So I am downloading it now and am going to give it a spin. How fully functioning is it… I have no idea. Do I need a database somewhere or does it have one built in? I do know it can connect to Oracle, which is really neat, but not as neat as Postgres or MySQL. Also, how awesome would it be if I could configure the thing to use OpenLDAP for auth?

Dunno all the answers yet, but I should have more insight on the topic soon, so stand by.
