Hi everybody,
Sometimes, some of our machines start to refuse to let anybody
in (either on console, or through the network). The following
error message appears in the system log each time anybody attempts
to log in:
Sep 4 10:36:31 XXXX login: audgen(LOGIN): Permission denied
Sep 4 10:36:31 XXXX login: LOGIN FAILURE
Rebooting an affected machine clears the error. However, it
may (or may not) reappear after a few days of uptime. Affected
machines are fine otherwise - they keep providing NFS services,
can start DQS batch jobs, etc.
Affected machines have exactly the same set of set-uid executables
and device file permissions as unaffected ones (we are running a
remote boot setup, so that I can check this even if I can't log
onto the affected machine). All machines also run the same kernel.
We do not use enhanced security, and the failure affects NIS and
local users alike.
The interesting bit is that this does not seem to happen if we
are running the generic kernel. This leads me to suspect that
we omitted some kernel option which is actually necessary for
running DU reliably. Unfortunately, the Digital's kernel tuning
manual is out of date and almost useless - half of the options
present in the generic kernel are simply not mentioned there,
so that I can only guess whether we need a particular option
or not. Including all of them does not seem to be a good idea,
either - the generic kernel is way too bloated for 64Mb configs.
I am appending our /sys/conf/CLIENTS file at the end of this
message, and would be glad to know whether we are missing
something vital. (Or if we can trim this kernel config a bit
more, for that matter).
Thanks,
/Serge.P
ident "CLIENTS"
options UERF
options OSF
options _LMF_
options BIN_COMPAT
options COMPAT_43
options MACH
options MACH_IPC_TCACHE
options MACH_IPC_WWA
options MACH_IPC_XXXHACK
options BUFCACHE_STATS
options INOCACHE_STATS
options STAT_TIME
options VAGUE_STATS
options UFS
options NFS
options NFS_SERVER
options MSFS
options STRKINFO
options STREAMS
options RPTY
options INET
options UIPC
options SYSV_COFF
options QUOTA
options LABELS
options SNMPINFO
options BSD_TTY
options BPARM
options PROCFS
options CDFS
options DEC_ACL
options LDTTY
#options SL
#options DLI
options FFM_FS
options UNIX_LOCKS
#
# Standard options.
#
options SER_COMPAT
options RT_PREEMPT
options RT_SCHED
options RT_SCHED_RQ
options RT_PML
options RT_TIMER
options RT_SEM
options RT_CSEM
options RT_IPC
#
#
# pwrmgr option
#
#options PWRMGR_ENABLED
makeoptions CDEBUGOPTS="-g3"
makeoptions CCOMPRESS="-compress"
makeoptions PROFOPTS="-DPROFILING -DPROFTYPE=4"
#
# Max number of processors in the system (DO NOT CHANGE)
#
processors 16
#
# Special options (see configuring the kernel chapter
# in the Guide to System Administration)
#
dfldsiz 134217728
maxdsiz 1073741824
dflssiz 2097152
maxssiz 33554432
cpu "DECST30"
maxusers 32
config vmunix swap generic
bus pci0 at nexus?
callout after_c "../bin/mkdata pci"
bus ata0 at pci0 slot 4
controller scsi0 at ata0 slot 0
controller scsi1 at ata0 slot 1
bus isa0 at pci0 slot 7
callout after_c "../bin/mkdata isa"
controller gpc0 at isa0 slot 0 vector gpcintr
controller ace0 at isa0 slot 2 vector aceintr
controller ace1 at isa0 slot 3 vector aceintr
controller lp0 at isa0 slot 4 vector lpintr
controller fdi0 at isa0 slot 5
device disk fd0 at fdi0 drive 0
bus pci1000 at pci0 slot 20
bus isp0 at pci1000 slot 9 vector ispintr
controller scsi2 at isp0 slot 0
#controller tga0 at pci1000 slot 8
controller tu0 at pci0 slot 3
pseudo-device sysv_hab
#pseudo-device ws
pseudo-device svid_three_hab
pseudo-device svr_four_hab
pseudo-device soe_two_hab
pseudo-device rt_hab
pseudo-device ether
pseudo-device loop
pseudo-device prf 6
Received on Fri Sep 04 1998 - 17:19:06 NZST