login fails after upgrade from SLES 11 SP4 or older SLES 12 to newer SLES version

This document (000019703) is provided subject to the disclaimer at the end of this document.

Environment

​​​​​SUSE Linux Enterprise Server SLES 15

Situation

Users cannot login to the system after upgrading from SLES 11 SP4 or older SLES 12 to a newer version of SLES.

An example for root login failure:

image.png

Resolution

There's a need to replace pam_unix2.so to pam_unix.so in module name field in PAM configuration.
 

No login works after boot

If no login works after boot then reboot the system and boot it with following kernel boot parameters:
 
rd.break=initrd-switch-root rw

Since there's no PAM configuration in initramfs the problem related to pam_unix2.so won't be effective, but one still needs root password to enter dracut shell. The root filesystem after login as root into dracut shell will be mounted r/w at /sysroot. The following command would replace pam_unix2.so to pam_unix.so in root filesystem:
 
/sysroot/usr/bin/grep -lR pam_unix2.so /sysroot/etc/pam.{conf,d/} | /sysroot/usr/bin/xargs -I '{}' /sysroot/usr/bin/sed -i 's/pam_unix2.so/pam_unix.so/' '{}'


Then typing 'exit' would make the boot continue and work as expected.
 


From a working system


PAM switch from pam_unix2 to  pam_unix as this :
 
find /etc/pam.d/ -type f -exec sed -i -e "s/pam_unix2/pam_unix/g" {} \;

Cause

  1. The cause is related to switch from pam_unix2.so, which is deprecated and has issues with systemd, to pam_unix.so PAM module.

An example from logs about root login failure related to pam_unix2.so:
2022-05-11708:49:22.211930+02:00 linux login: PAM unable to dlopen(/lib64/security/pam unix2.so): /lib64/security/pam unix2.so:
cannot open shared object file: No such file or directory
2022-05-11708:49:22.212093+02:00 linux login: PAM adding faulty module: /lib64/security/pam_unix2.so
2022-05-11108:49:22.217637+02:00 linux login: FAILED LOGIN SESSION FROM tty1 FOR root, Module is unknown

 

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000019703
  • Creation Date: 15-Mar-2023
  • Modified Date:15-Mar-2023
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center