Authentication token is no longer valid
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Authentication token is no longer valid相关的知识,希望对你有一定的参考价值。
Linux: Authentication token is no longer valid
Problem:
Authentication token is no longer valid; new one required
You (zabbix) are not allowed to access to (crontab) because of pam configuration.
PAM Configuration
The /etc/pam.d/ directory contain the PAM configuration files for each PAM-aware application.Each service has file in the /etc/pam.d which has the same name as the service.
For Instance, the crond service pam file is below:
[/etc/pam.d]$more crond
#
# The PAM configuration file for the cron daemon
#
#
# No PAM authentication called, auth modules not needed
account required pam_access.so
account include password-auth
session required pam_loginuid.so
session include password-auth
auth include password-auth
PAM Configuration File Format
Module_interface control_flag module_name module_argument
account required pam_access.so
account include password-auth
session required pam_loginuid.so
session include password-auth
auth include password-auth
Module_interface:
auth: This module interface authenticates use. For example, it request and verifies the validity of a password.
account: This module interface verified whether the access is allowed. For example, it check if a user account has expired of if a user is allowed to log in at a partical time of day.
password: This module interfce is used to changing user passwords.
session:This module interface configure and manager user sessions.
PAN Control Flag
required:The module result must be successful for authentication to continue. If the test fails at this point, the users will not be notified.
requisite:Unlike required,if the test fails, the user will be notified immediately with a message reflectin the first failed required or requisite module test.
optional:The result is ignored.
include:Unlike the other controls,it does not relate to how the module result is handled.
Solution
Because the crond service must authenticate the user’s password.
So we can check the user password information:
chage -l username
Last password change : May 05, 2016
Password expires : Nov 01, 2016
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 180
Number of days of warning before password expires : 30
If you find the password has expired, you can change the password and set the maxdays to 9999.
password username:
Command : chage -M 9999 username
After that ,you can check if the file /etc/shadow has updated the maxdays for the specified user.Just like this:
username:$6$EZ2LtFaZ$l6cUrKMIYW..37AStpjDYlal215FZg3NoKM0SgsUClsllKjVwkxsR4lFtWbNGvaGZkGwi5orqWziDMpfGGhvh/:17107:0:9999:30:::
After all, it will be ok.
以上是关于Authentication token is no longer valid的主要内容,如果未能解决你的问题,请参考以下文章
What Is Token-Based Authentication and Who Uses It?
Authentication token is no longer valid; new one required You (oracle) are not allowed to access to
Linux用户密码过期 FAILED to authorize user with PAM (Authentication token is no longer valid; new one req)
解决修改密码报错‘passwd:Authentication token’
Implement JSON Web Tokens Authentication in ASP.NET Web API and Identity 2.1