centos 7 crond 密码过期
centos 7 crond expired password
我是 CentOS 的新手,每当我尝试重新启动 puppet 服务 - pe-puppetdb、pe-puppetserver 等时,我都会收到以下错误:
Jun 23 04:03:01 abc.xyz.com crond[12117]: pam_unix(crond:account): expired password for user root (root enforced)
Jun 23 04:03:01 abc.xyz.com crond[12117]: (root) PAM ERROR (Authentication token is no longer valid; new one required)
Jun 23 04:03:01 abc.xyz.com crond[12117]: (root) FAILED to authorize user with PAM (Authentication token is no longer valid; new one required)
以下是 /etc/pam 中的条目。d/crond:
account required pam_access.so
account include password-auth
session required pam_loginuid.so
session include password-auth
auth include password-auth
我假设这里需要做两件事:
- 为 crond 用户重置密码(使用 passwd 命令)
- 确保密码永不过期
我在这里 https://www.centos.org/forums/viewtopic.php?t=17634 找到了一个解决方案,但由于 post 已有 6 年历史,所以我想知道是否还有其他方法可以解决该问题。
请指教
编辑 - 我什至尝试更改 crond 用户的密码但出现以下错误:
[root@abc ~]# chage -l crond
chage: user 'crond' does not exist in /etc/passwd
[root@abc ~]# chage -M 99999 -m 99999 crond
chage: user 'crond' does not exist in /etc/passwd
Edit2 - 在 /etc/pam.d/crond 中添加了以下行并启动了 puppetdb 服务:
account sufficient pam_succeed_if.so uid = 0
服务仍然没有启动并出现以下错误 (journalctl -xe):
-- Unit session-11.scope has begun starting up.
Jun 23 10:28:01 abc.xyz.com CROND[30598]: (root) CMD (/var/awslogs/bin/awslogs-nanny.sh > /dev/null 2>&1)
Jun 23 10:28:02 abc.xyz.com systemd[1]: Removed slice user-0.slice.
-- Subject: Unit user-0.slice has finished shutting down
-- Defined-By: systemd
--
-- Unit user-0.slice has finished shutting down.
Jun 23 10:28:02 abc.xyz.com systemd[1]: Stopping user-0.slice.
-- Subject: Unit user-0.slice has begun shutting down
-- Defined-By: systemd
--
-- Unit user-0.slice has begun shutting down.
Jun 23 10:28:05 abc.xyz.com amazon-ssm-agent[845]: 2017-06-23 10:28:05 ERROR [instanceID=i-0a9865085e27f6862] [MessageProcessor] [Association] error when calling AWS APIs. error details - AccessDeniedException: User: arn:aws:sts::045981373300:assumed-role/ServerLabServer/i-0a9865085e27f6862 is not authorized to perform: ssm:ListInstanceAssociations on resource: arn:aws:ec2:ap-southeast-1:045981373300:instance/i-0a9865085e27f6862
问题在初始错误中有很好的描述。 crond 使用的用户 root 的密码已过期。
使用 sudo chage -l root 检查密码状态。如果密码已过期,请使用sudo passwd 更改密码。您还可以使用 sudo chage root.
更改过期设置
我是 CentOS 的新手,每当我尝试重新启动 puppet 服务 - pe-puppetdb、pe-puppetserver 等时,我都会收到以下错误:
Jun 23 04:03:01 abc.xyz.com crond[12117]: pam_unix(crond:account): expired password for user root (root enforced)
Jun 23 04:03:01 abc.xyz.com crond[12117]: (root) PAM ERROR (Authentication token is no longer valid; new one required)
Jun 23 04:03:01 abc.xyz.com crond[12117]: (root) FAILED to authorize user with PAM (Authentication token is no longer valid; new one required)
以下是 /etc/pam 中的条目。d/crond:
account required pam_access.so
account include password-auth
session required pam_loginuid.so
session include password-auth
auth include password-auth
我假设这里需要做两件事:
- 为 crond 用户重置密码(使用 passwd 命令)
- 确保密码永不过期
我在这里 https://www.centos.org/forums/viewtopic.php?t=17634 找到了一个解决方案,但由于 post 已有 6 年历史,所以我想知道是否还有其他方法可以解决该问题。
请指教
编辑 - 我什至尝试更改 crond 用户的密码但出现以下错误:
[root@abc ~]# chage -l crond
chage: user 'crond' does not exist in /etc/passwd
[root@abc ~]# chage -M 99999 -m 99999 crond
chage: user 'crond' does not exist in /etc/passwd
Edit2 - 在 /etc/pam.d/crond 中添加了以下行并启动了 puppetdb 服务:
account sufficient pam_succeed_if.so uid = 0
服务仍然没有启动并出现以下错误 (journalctl -xe):
-- Unit session-11.scope has begun starting up.
Jun 23 10:28:01 abc.xyz.com CROND[30598]: (root) CMD (/var/awslogs/bin/awslogs-nanny.sh > /dev/null 2>&1)
Jun 23 10:28:02 abc.xyz.com systemd[1]: Removed slice user-0.slice.
-- Subject: Unit user-0.slice has finished shutting down
-- Defined-By: systemd
--
-- Unit user-0.slice has finished shutting down.
Jun 23 10:28:02 abc.xyz.com systemd[1]: Stopping user-0.slice.
-- Subject: Unit user-0.slice has begun shutting down
-- Defined-By: systemd
--
-- Unit user-0.slice has begun shutting down.
Jun 23 10:28:05 abc.xyz.com amazon-ssm-agent[845]: 2017-06-23 10:28:05 ERROR [instanceID=i-0a9865085e27f6862] [MessageProcessor] [Association] error when calling AWS APIs. error details - AccessDeniedException: User: arn:aws:sts::045981373300:assumed-role/ServerLabServer/i-0a9865085e27f6862 is not authorized to perform: ssm:ListInstanceAssociations on resource: arn:aws:ec2:ap-southeast-1:045981373300:instance/i-0a9865085e27f6862
问题在初始错误中有很好的描述。 crond 使用的用户 root 的密码已过期。
使用 sudo chage -l root 检查密码状态。如果密码已过期,请使用sudo passwd 更改密码。您还可以使用 sudo chage root.