We recently upgraded our Compute node to Rocky 8.7. After upgrade, we are seeing OOD desktop immediately fails. I did some investigations and noticed that “broken_shadow” in /etc/pam.d/system-auth caused the issue.
“account required pam_unix.so broken_shadow”
User accounts are not a local Linux account. We use NSS DB to mange our users.
I tried to remove “broken_shadow” but it caused to fail to run sudo command
“sudo: PAM account management error: Authentication service cannot retrieve authentication info”
I was wondering if you have seen this issue and help me how to fix it.
OOD version is 3.0.3 with Rocky 8
I did some more test and it doesn’t related to nss-db. I just tried it using a local Linux account but it OOD desktop failed when I set "account required pam_unix.so broken_shadow” in /etc/pam.d/system-auth
Not sure why setting broken_shadow for pam_unix.so is breaking OOD desktop sessions.
I reckon it’s because systemd + DBUS start these X11 sessions. That’s PID 1 as the parent process that needs to fork and start these children.
Are you quite sure that’s the error? I think of the phrase when you hear hooves, think horses, not zebras which means, when you see an issue it’s likely something more common, not some esoteric/highly specialized one off. (i.e., horses are far more common in the USA than zebras)