SUSE Support

Here When You Need Us

login fails after upgrade from SLES 11 SP4 or older SLES 12 to newer SLES version

This document (000019703) is provided subject to the disclaimer at the end of this document.

Environment

​​​​​SUSE Linux Enterprise Server SLES 15

Situation

Users cannot login to the system after upgrading from SLES 11 SP4 or older SLES 12 to a newer version of SLES.

An example for root login failure:

image.png

Resolution

There's a need to replace pam_unix2.so to pam_unix.so in module name field in PAM configuration.
 

No login works after boot

If no login works after boot then reboot the system and boot it with following kernel boot parameters:
  
rd.break=initrd-switch-root rw

Since there's no PAM configuration in initramfs the problem related to pam_unix2.so won't be effective, but one still needs root password to enter dracut shell. The root filesystem after login as root into dracut shell will be mounted r/w at /sysroot. The following command would replace pam_unix2.so to pam_unix.so in root filesystem:
  
/sysroot/usr/bin/grep -lR pam_unix2.so /sysroot/etc/pam.{conf,d/} | /sysroot/usr/bin/xargs -I '{}' /sysroot/usr/bin/sed -i 's/pam_unix2.so/pam_unix.so/' '{}'


Then typing 'exit' would make the boot continue and work as expected.
 


From a working system


PAM switch from pam_unix2 to  pam_unix as this :
  
find /etc/pam.d/ -type f -exec sed -i -e "s/pam_unix2/pam_unix/g" {} \;

Cause

  1. The cause is related to switch from pam_unix2.so, which is deprecated and has issues with systemd, to pam_unix.so PAM module.

An example from logs about root login failure related to pam_unix2.so: 
2022-05-11708:49:22.211930+02:00 linux login: PAM unable to dlopen(/lib64/security/pam unix2.so): /lib64/security/pam unix2.so:
cannot open shared object file: No such file or directory
2022-05-11708:49:22.212093+02:00 linux login: PAM adding faulty module: /lib64/security/pam_unix2.so
2022-05-11108:49:22.217637+02:00 linux login: FAILED LOGIN SESSION FROM tty1 FOR root, Module is unknown

 

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000019703
  • Creation Date: 14-Sep-2020
  • Modified Date:15-Mar-2023
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community
tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

Support FAQ
tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center