| *** boxiang has joined #starlingx | 05:16 | |
| *** yaawang has quit IRC | 05:24 | |
| *** yaawang has joined #starlingx | 06:04 | |
| *** Samiam1999DTP has joined #starlingx | 06:32 | |
| *** Samiam1999 has quit IRC | 06:33 | |
| *** yaawang has quit IRC | 06:34 | |
| *** yaawang has joined #starlingx | 06:35 | |
| *** boxiang has quit IRC | 08:42 | |
| *** boxiang has joined #starlingx | 08:42 | |
| *** boxiang has quit IRC | 08:43 | |
| *** boxiang has joined #starlingx | 08:44 | |
| *** boxiang_ has joined #starlingx | 08:46 | |
| *** boxiang has quit IRC | 08:46 | |
| *** boxiang_ has quit IRC | 10:10 | |
| *** dpenney_ has joined #starlingx | 12:49 | |
| *** dpenney has quit IRC | 12:52 | |
| *** cheng1 has joined #starlingx | 15:06 | |
| sgw | Morning all | 15:53 |
|---|---|---|
| sgw | bwensley: Hi Bart, I have been looking at a lanchpad possibly related to the sysadmin change, but need some additional details | 15:55 |
| bwensley | Hey Saul - just saw your message. What do you need? | 19:23 |
| sgw | Hi bwensley, I was looking at a bug that got assigned to me about faillock after the sysroot change https://bugs.launchpad.net/starlingx/+bug/1834116 | 19:49 |
| openstack | Launchpad bug 1834116 in StarlingX "sysadmin user not locked out after 5 wrong password attempts" [Medium,Triaged] - Assigned to Saul Wold (sgw-starlingx) | 19:49 |
| sgw | I don't see how the sysroot change would have affected the pam faillock, I searched for faillock in the starlingx repos and did not find any mentions (other than in the new tests commits that I have checkedout) | 19:51 |
| bwensley | Hmm... I'm not familiar with how the locking is implemented. I will look around a bit. | 19:57 |
| sgw | bwensley: is there someone that is on IRC that knows that info? | 19:58 |
| sgw | Or that we can get up on IRC? | 19:59 |
| bwensley | Sorry Saul - I asked around and didn't find anyone who knows. Please send an email to the mailing list and hopefully someone there can point you in the right direction. | 20:20 |
| bwensley | Saul - found this line in /etc/pam.d/common-auth: auth required pam_tally2.so deny=5 unlock_time=300 audit | 20:35 |
| bwensley | Isn't that what is supposed to lock out the user after 5 attempts? | 20:35 |
| sgw | bwensley: I was looking for pam_faiillock (and of course just pushed send before seeing this!) | 20:46 |
| bwensley | Of course - it always happens that way. :) | 20:51 |
| bwensley | Still don't know why it would stop working. | 20:51 |
| sgw | Yeah, confirming and debugging | 20:51 |
| ericho | Is that bug a duplicate of this? https://bugs.launchpad.net/starlingx/+bug/1814345 | 20:52 |
| openstack | Launchpad bug 1814345 in StarlingX "System account doesn't block after invalid login attempts" [Medium,Opinion] - Assigned to haitao wang (hwang85) | 20:52 |
| ericho | It might not be related with the user change. | 20:52 |
| sgw | Yup this is the same issue | 20:53 |
| sgw | This seems to be affecting both ssh/login and horizon logins | 20:54 |
| sgw | Ok, more info! I can get a lockout with pam_tally2 and su - sysadmin, but not via ssh or console login, so maybe there is a pam configuration issue | 21:13 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!