4

I'm having a little issue on Ubuntu where any commands that require root privileges takes longer to execute than normal. I managed to identify the culprit to the cause after checking my /var/log/auth.log and I believe it's to do with krb5 PAM for authentication.

Not too long ago I had recently installed SLiM, a Simple Login Manager for Ubuntu, which requires the use of PAM to authenticate login to a user account from the main login screen. I just trying to figure out how I can only have PAM Authentications just for the main login screens and not the whole system, because any time I want to run sudo from Terminal or an authentication dialogue comes up for me to enter passwords it takes up to 1-2 minutes just to authenticate a given command or task.

Is there any specific pam_krb5 packages I could safely remove that I don't really need to fix this or…?

here's a little paste out of my auth logs.

Jan 31 15:43:59 VAIO polkit-agent-helper-1[26330]: pam_krb5(polkit-1:auth): authentication failure; logname=alkaris uid=1000 euid=0 tty= ruser=alkaris rhost=

Jan 31 15:44:00 VAIO polkit-agent-helper-1[26330]: pam_ecryptfs: pam_sm_authenticate: /home/alkaris is already mounted

Jan 31 15:48:42 VAIO sudo: pam_krb5(sudo:auth): authentication failure; logname=alkaris uid=1000 euid=0 tty=/dev/pts/4 ruser=alkaris rhost=

Jan 31 15:48:43 VAIO sudo: pam_unix(sudo:session): session opened for user root by alkaris(uid=0)

Jan 31 15:51:43 VAIO sudo: pam_unix(sudo:session): session closed for user root

Jan 31 15:51:46 VAIO sudo: pam_unix(sudo:session): session opened for user root by alkaris(uid=0)

Jan 31 15:51:46 VAIO su[26595]: pam_unix(su:session): session opened for user root by alkaris(uid=0)

Jan 31 15:52:26 VAIO su[26595]: pam_unix(su:session): session closed for user root

Jan 31 15:52:26 VAIO sudo: pam_unix(sudo:session): session closed for user root

Jan 31 15:53:56 VAIO sudo: pam_krb5(sudo:auth): authentication failure; logname=alkaris uid=1000 euid=0 tty=/dev/pts/4 ruser=alkaris rhost=

Jan 31 15:54:05 VAIO sudo: pam_unix(sudo:auth): authentication failure; logname=alkaris uid=1000 euid=0 tty=/dev/pts/4 ruser=alkaris rhost= user=alkaris

Jan 31 15:54:18 VAIO sudo: pam_krb5(sudo:auth): authentication failure; logname=alkaris uid=1000 euid=0 tty=/dev/pts/4 ruser=alkaris rhost=

Jan 31 15:55:33 VAIO sudo: pam_unix(sudo:session): session opened for user root by alkaris(uid=0)

Jan 31 15:56:55 VAIO sudo: pam_unix(sudo:session): session closed for user root

Jan 31 16:09:01 VAIO CRON[26694]: pam_unix(cron:session): session opened for user root by (uid=0)

Jan 31 16:09:02 VAIO CRON[26694]: pam_unix(cron:session): session closed for user root

Jan 31 16:17:01 VAIO CRON[26821]: pam_unix(cron:session): session opened for user root by (uid=0)

Jan 31 16:17:01 VAIO CRON[26821]: pam_unix(cron:session): session closed for user root

Jan 31 16:39:01 VAIO CRON[26956]: pam_unix(cron:session): session opened for user root by (uid=0)

Jan 31 16:39:01 VAIO CRON[26956]: pam_unix(cron:session): session closed for user root

if you need a print out of what I currently have installed, package-wise of PAM Authentication I can post them.

  • So is everyone clueless on this or what? How do I remove PAM from being system-wide instead of just for login purposes? – theguest Feb 4 '14 at 13:26
1

Actually, PAM is always enabled, but you can use different auth modules for different services.

If pam_krb5 isn't being used at all and is the cause of the problems, you can remove it (or comment it) from /etc/pam.d/common-auth. pam_unix.so is the default pam auth module.

Make a backup of the common-auth file and leave open a root shell while testing so you can restore if needed. Making a mistake in this file WILL lock you out of your machine.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

Not the answer you're looking for? Browse other questions tagged or ask your own question.