Nov 14 13:35:28 yoda audit[2683212]: USER_AUTH pid=2683212 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/bin/login" hostname=yoda addr=? terminal=tty2 res=failed' Nov 14 13:35:28 yoda kernel: audit: type=1100 audit(1605378928.928:6994): pid=2683212 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/bin/login" hostname=yoda addr=? terminal=tty2 res=failed' Nov 14 13:35:31 yoda login[2683212]: FAILED LOGIN 1 FROM tty2 FOR root, Authentication failure I read somewhere that I could tell pam to use debug output. I will see if I can find that. Thanks for the tip. On Sat, Nov 14, 2020 at 11:15 AM Guus Snijders via arch-general <arch-general@archlinux.org> wrote:
Op za 14 nov. 2020 03:50 schreef Jack Frost via arch-general < arch-general@archlinux.org>:
Thanks for the tip. There were no pam.d/ files that had pam_tally and now pacnew files. I am digging through pam man pages to see if I can figure it out. Someone had to disable root access. I commented out pam_securetty.so in all the files but still no luck.
You could also try reading the logs... (probably journald).
When the authentication fails, there is surely some message somewhere stating /why/ it failed.
Mvg, Guus