Ask Your Question

cron authentication failure

asked 2013-03-26 07:13:42 -0600

simonC gravatar image

I'm creating a simple cron with puppet and I got the folowing info:

notice: /Stage[main]/Four_pm::Puppet_chron/Cron[run-puppet]/ensure: created

Authentication failure
You (root) are not allowed to access to (crontab) because of pam configuration.
 notice: /Stage[main]/Four_pm::Puppet_chron/Service[puppet]/ensure: ensure changed  'running' to 'stopped'
notice: Finished catalog run in 5.59 seconds

I gues it is a config problem bit i'm not so into linux to know the solution

edit retag flag offensive close merge delete


Is there anything interesting showing up in /var/log/messages or /var/log/secure when this happens?

Also (assuming that everything else is working OK) this smells a bit like ...(more)

jonn gravatar imagejonn ( 2013-03-26 09:59:02 -0600 )edit

2 Answers

Sort by ยป oldest newest most voted

answered 2013-04-03 15:17:45 -0600

Daenney gravatar image

updated 2013-04-03 15:19:44 -0600

This isn't a problem with Puppet. PAM on your system is not allowing root to modify the crontab anymore so something is wrong there.

This either means someone made an error and now /etc/pam.d/cron is in a state not allowing you access or the account is in an invalid state. Some systems have things like password expiry set and if the password for root has reached its expiration date you won't be allowed to do things to cron for example.

Have a look at the output of chage -l root.

Also, make sure the account ... (more)

edit flag offensive delete link more

answered 2013-12-06 03:54:56 -0600

To fix this issue, You must have to look for chage -l root and see the date of password expiry. if password expire date is prior to current date then this issue will be there as internally it looks password expire in config and doesn't allow user to do any activity. It will be better to run command: chage root and increase the age of password expire:

Changing the aging information for root Enter the new value, or press ENTER for the default

    Minimum Password Age [0]:
    Maximum Password Age [720]: 720
    Last Password Change (YYYY-MM-DD) [2013-09-30]:
    Password Expiration ...
edit flag offensive delete link more


It's never 'better' to just blindly increase password expiry times. There's probably a good reason for them especially since most distro's still ship with expiry disabled, most ...(more)

Daenney gravatar imageDaenney ( 2014-04-15 07:10:41 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools


Asked: 2013-03-26 07:13:42 -0600

Seen: 1,942 times

Last updated: Dec 06 '13