Re: unable to login as oracle user

When did this behavior begin? When is the last time you patched anything on this box? What changed?

This behavior is indicative of a recent patch with the current processes unaware of changes that may have occurred. If you have recently patched and after patching this behavior began, this might be resolved with a system reboot.

Thanks,
Josh Miller, RHCE

Troy Knabe wrote:


m.roth2006@xxxxxxx wrote:
Date: Fri, 02 Feb 2007 11:00:55 -0800
From: Troy Knabe <knabe@xxxxxxxxxxx> We have 3 Red Hat 4.4 AS Servers running RAC 10G. Today one of them had load averages of over 160. But processors were 99% idle.

That's dreadful!

None of the RAC boxes were responding during this time. I was able to login fine (my local user), and sudo su -. But when I tried to sudo su - oracle, it just hung. Finally rebooting fixed the issue. As I have been looking through log files, this is the only thing "weird" I have found. We only use local authentication on the box.

/var/log/secure:

Feb 2 08:22:14 orarac1 login: PAM unable to dlopen(/lib/security/pam_limits.so)

PAM *is* local - check to see if the file /lib/security/pam_limits.so exists, and what the permissions and ownership are. PAM is the authentication system that comes with all Linux these days.

Yes, I was just trying to give as much info as possible, so people didn't ask if I was ldap authenticating for instance.

The file is there, with permissions 755 root:root. Last time it was altered was May 12th, 2006, same timestamp as most everything else.

The thing that really confuses me, is why did the error appear when we tried to su - oracle, and not when attempting to go to root, or login as a "normal" user.


I'd worry that something happened to your box, either accidentally, or through an attack.

I haven't eliminated that as a possibility (especially the accidental thought)

-Troy

mark



--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Relevant Pages

  • Re: Windows Server 2003 Auto connect printers;
    ... I removed the NT Authentication but then the user's don't have enough ... then for a normal basic user to login to a TS without having NT ... Isn't some form of admin rights required for a non admin user ... >> You do this by granting only those permissions that are ...
    (microsoft.public.win2000.termserv.apps)
  • Re: Security question ..
    ... > If you use NT authentication, a user's permissions to a database are ... Your assertion that a user's permissions are independent of the application ... Even using Access and "exploring" will require an ODBC login to SQL Server. ...
    (microsoft.public.sqlserver.server)
  • Re: Cant access Active Directory from IIS6/2003 member server
    ... It was related to authentication. ... then I reset IIS and all was well. ... > The issue sounds like one of permissions, ... > different login. ...
    (microsoft.public.inetserver.iis)
  • Re: Permissions not enforced
    ... connecting, what login is used. ... >use NT Authentication according to the Login Name. ... >I have discovered that the User has full permissions to Select, Insert, ...
    (microsoft.public.sqlserver.security)
  • [Full-Disclosure] Advisory: Dark Age of Camelot - Weak encryption of network traffic exposed persona
    ... Weak encryption in game client exposed customer billing and authentication ... encryption for billing information. ... The login binary has undergone several updates since then. ...
    (Full-Disclosure)