解决crontab报错Authentication token is no longer valid
一、现象
一台主机大部分用户使用crontab是正常的,其中一个用户使用时报错,具体内容如下:
1[oracle@www.361way.com ~]$ crontab -e
2Authentication token is no longer valid; new one required
3You (oracle) are not allowed to access to (crontab) because of pam configuration.
二、解决
由于上面报错中有提到pam,先看了这台的pam配置,未发现针对个别用户的配置,/etc/crontab.deny中也未指定不允许的用户。因为大部分用户是正常的,所以看了下该用户的环境变量,但未也发现异常。strace跟踪的几个调用的地方也均正常。最后又回到pam的调用,发现/etc/pam.d/crond 调用如下:
1account required pam_access.so
2account include password-auth
3session required pam_loginuid.so
4session include password-auth
5auth include password-auth
可以发现其上面有用户登陆验证,即验证不通过时,就无法使用。所以先用chage命令查看了下用户的密码信息:
1chage -l oracle
2Last password change : Jun 29, 2016
3Password expires : Sep 27, 2016
4Password inactive : never
5Account expires : never
6Minimum number of days between password change : 0
7Maximum number of days between password change : 90
8Number of days of warning before password expires : 7
发现帐号密码已经过期。使用chage -M 99999 oracle ,使用户密码永不过期。再重新使用oracle创建crontab,发现一切正常了。当然除了将密码改为永不过期,也可以通过临时修改密码解决,不过解决过后,90天之内必须还要修改密码。
捐赠本站(Donate)
如您感觉文章有用,可扫码捐赠本站!(If the article useful, you can scan the QR code to donate))
- Author: shisekong
- Link: https://blog.361way.com/crontab-valid/6130.html
- License: This work is under a 知识共享署名-非商业性使用-禁止演绎 4.0 国际许可协议. Kindly fulfill the requirements of the aforementioned License when adapting or creating a derivative of this work.