OOD desktop fails with "broken_shadow"

Hello,

We recently upgraded our compute node to Rocky 8.7. After the upgrade, we are seeing the OOD desktop fail immediately. I did some investigation and noticed that “broken_shadow” in /etc/pam.d/system-auth caused the issue.

“account required pam_unix.so broken_shadow”

User accounts are not local Linux accounts. We use NSS DB to manage our users.
I tried to remove “broken_shadow”, but that caused the sudo command to fail:
“sudo: PAM account management error: Authentication service cannot retrieve authentication info”

I was wondering if you have seen this issue and could help me fix it.
OOD version is 3.0.3 with Rocky 8.

Thank you

No I’ve never seen that issue before. We use LDAP users so I can’t really speak to NSS DB.

Jeff, thank you for your response.

I did some more tests and it isn’t related to nss-db. I just tried it using a local Linux account, but the OOD desktop failed when I set “account required pam_unix.so broken_shadow” in /etc/pam.d/system-auth.

Not sure why setting broken_shadow for pam_unix.so is breaking OOD desktop sessions.

Sorry, I’m not sure how much help I can be here.

I reckon it’s because systemd + DBUS start these X11 sessions. That’s PID 1 as the parent process that needs to fork and start these children.

Are you quite sure that’s the error? I think of the phrase “when you hear hooves, think horses, not zebras”, which means that when you see an issue it’s likely something more common, not some esoteric/highly specialized one-off (i.e., horses are far more common in the USA than zebras).

Jeff,

We saw the topic “Could not connect to session bus” and added
/usr/bin/loginctl enable-linger $SLURM_JOB_USER to script.sh.erb

After that, it worked fine.