On Wed, 18 May 2016 13:05:31 -0400, Boruch wrote in message
<20160518170531.GK32498@???>:

> On 2016-05-18 18:24, Arnt Karlsen wrote:
> > DNG, I'm still left with runlevel 1, the damned thin will only
> > accept root's passwd on the console, I can start and run ssh and X
> > etc all day, and it works all nice except I have my password
> > rejected once I try a login.
>
> Sounds to me like an issue with 'pam', and that you're fix will be in
> /etc/pam.d.

..aye, behold:
root@debian:/var/cache/apt/archives#
ll /etc/pam.d total
200 -rw-r--r-- 1 root root 235 Aug 10 2014
atd -rw-r--r-- 1 root root 384 Feb 16 2011 chfn
-rw-r--r-- 1 root root 92 Feb 16 2011 chpasswd
-rw-r--r-- 1 root root 581 Feb 16 2011 chsh
-rw-r--r-- 1 root root 56 Jul 13 2015 cinnamon-screensaver
-rw-r--r-- 1 root root 1312 May 17 23:45 common-account
-rw-r--r-- 1 root root 1498 May 17 23:45 common-auth
-rw-r--r-- 1 root root 1633 May 17 23:45 common-password
-rw-r--r-- 1 root root 1364 May 17 23:45 common-session
-rw-r--r-- 1 root root 1286 May 17 23:45 common-session-noninteractive
-rw-r--r-- 1 root root 606 May 25 2014 cron
-rw-r--r-- 1 root root 69 Jun 9 2014 cups
-rw-r--r-- 1 root root 56 Nov 25 2007 gnome-screensaver
-rw-r--r-- 1 root root 987 Nov 9 2013 kdm
-rw-r--r-- 1 root root 1031 Nov 9 2013 kdm-np
-rw-r--r-- 1 root root 1354 Oct 17 2015 lightdm
-rw-r--r-- 1 root root 1364 Oct 17 2015 lightdm-autologin
-rw-r--r-- 1 root root 493 Oct 17 2015 lightdm-greeter
-rw-r--r-- 1 root root 4756 Apr 30 2014 login
-rw-r--r-- 1 root root 57 Mar 13 2014 mate-screensaver
-rw-r--r-- 1 root root 564 Sep 14 2013 mock
-rw-r--r-- 1 root root 147 Nov 19 02:04 newrole
-rw-r--r-- 1 root root 92 Feb 16 2011 newusers
-rw-r--r-- 1 root root 919 Mar 23 15:54 nodm
-rw-r--r-- 1 root root 520 Jun 21 2011 other
-rw-r--r-- 1 root root 135 Feb 14 2015 ovirt-hibernate
-rw-r--r-- 1 root root 135 Feb 14 2015 ovirt-locksession
-rw-r--r-- 1 root root 135 Jan 7 22:33 ovirt-logout
-rw-r--r-- 1 root root 135 Feb 14 2015 ovirt-shutdown
-rw-r--r-- 1 root root 92 Feb 16 2011 passwd
-rw-r--r-- 1 root root 255 Oct 15 2013 polkit-1
-rw-r--r-- 1 root root 168 Jan 19 2011 ppp
-rw-r--r-- 1 root root 162 Feb 25 2012 quagga
-rw-r--r-- 1 root root 95 Nov 19 02:04 run_init
-rw-r--r-- 1 root root 143 Oct 5 2014 runuser
-rw-r--r-- 1 root root 105 Nov 27 04:36 runuser-l
-rw-r--r-- 1 root root 84 Nov 12 2011 samba
-rw-r--r-- 1 root root 1199 Jul 24 2012 schroot
-rw-r--r-- 1 root root 1686 Jan 4 22:27 sddm
-rw-r--r-- 1 root root 1338 Jan 4 22:27 sddm-autologin
-rw-r--r-- 1 root root 1255 Jan 4 22:27 sddm-greeter
-rw-r--r-- 1 root root 1300 Jun 8 2015 slim
-rw-r--r-- 1 root root 108 Oct 15 2015 slock
-rw-r--r-- 1 root root 2133 Aug 5 2014 sshd
-rw-r--r-- 1 root root 2257 Mar 14 2014 su
-rw-r--r-- 1 root root 95 Jan 12 2012 sudo
-rw-r--r-- 1 root root 1205 May 8 2015 wdm
-rw-r--r-- 1 root root 871 Dec 11 21:55 xdm
-rw-r--r-- 1 root root 108 Oct 30 2011 xscreensaver
root@debian:/var/cache/apt/archives# mc /etc/pam.d/


> > ..exactly how is a Devuan boot supposed to work these days?
> > And what systemd crud could could my logins?
>
> systemd-logind

..nope, but there was crud allright.
root@debian:/var/cache/apt/archives# dpkg -l |grep systemd |cut -c -123
|fmt -su
ii dh-systemd 1.29+devuan1.0 all
ii gnome-logs 3.20.1-1 amd64
pc libsystemd-daemon0:amd64 215-18 amd64
pc libsystemd-id128-0:amd64 215-18 amd64
pc libsystemd-journal0:amd64 215-18 amd64
pc libsystemd-login0:amd64 215-18 amd64
ii libsystemd0:amd64 229-6 amd64
ii systemd-shim 9-1 amd64
root@debian:/var/cache/apt/archives#


> > And what logs do I check these days?
>
> /var/log/auth.log

..bingo, lotsa whining about a faulty module and a culprit in my claw:
root@debian:/var/cache/apt/archives# less /var/log/auth.log
root@debian:/var/cache/apt/archives# dpkg -S /lib/security/pam_abl.so
dpkg-query: no path found matching pattern /lib/security/pam_abl.so
root@debian:/var/cache/apt/archives#
root@debian:/var/cache/apt/archives#
zcat /usr/share/doc/libpam-abl/NEWS.Debian.gz libpam-abl (0.6.0-3)
unstable; urgency=medium

Starting from version 0.6.0-1, libpam-abl is enabled globally
using pam-auth-update. Please see README.Debian for more details.

-- Alexandre Mestiashvili <alex@???> Mon, 12 May
2014 13:04:50 +0200 root@debian:/var/cache/apt/archives#
cat /usr/share/doc/libpam-abl/README.Debian pam-abl for Debian
===============================

By default the pam-abl PAM module is enabled for sshd service only.
A user who mistyped a password 3 times will be blocked for 1 hour.
A host with 30 failed attempts will be blocked for 1 hour.

Default config file: /etc/security/pam_abl.conf

See the pam_abl.conf(5) man page for the syntax and pam_abl(1) for
information about the management tool.

Starting from version 0.6.0-1, libapm-abl configured automatically
with pam-auth-update.
This may have a negative impact to other authentication services
such as sudo, login, su and others.
For example a bruteforce attack over ssh can blacklist and block a user
and thus even su and sudo on localhost will not work for this user.
To avoid such a situation, the default configuration for the debian
package of pam-abl works only with "sshd" service.
Note "sshd" in the user_rule=*/sshd:3/1h option in the configuration
file.

Please also note that pam_abl will list all users exceeding the number
of allowed attepmts, even for the services not defined in the user_rule,
but will block users only for services listed in the user_rule.
Use pam_abl -v to see more information.

One also can set up pam-abl manually, for this run pam-auth-update
and unselect the pam-abl.
After that add the following line for every PAM module you want to setup
before all other authentication modules:

 auth    required            pam_abl.so
 config=/etc/security/pam_abl.conf

See man 8 pam_abl for more details.

The pam-abl's libdb databases (/var/lib/abl) are not removed
automatically when the package is removed. In order to remove it
compeltely use purge: apt-get purge libpam-abl.

If pam_abl tool is not able to read the backend database ( usually after
Berkeley DB update on the host ) just delete the database:
rm -f /var/lib/abl/*

Alternatively one can try to fix the database by migrating to the newest
version. For example when migrating from libdb5.1 to libdb5.3:

db5.3_upgrade -v -h /var/lib/abl hosts.db
db5.3_upgrade -v -h /var/lib/abl users.db

-- Alex Mestiashvili <mailatgoogl@???>


> As a helpful hint, if you know a general time for which a logging
> event might have occurred, use gre to help you find logs with entries
> for that general time. For example:
>
> grep -rl "^May 16 06:5" /var/log
>
> For the most recently modified log, sorted by time:
>
> ls -Rlt /var/log | less

..aye, digging thru this 21GB mess is ... where I wish
I had played more with friends like find and xargs.
Oh well, with a bit of luck I don't have to. ;o)

> > ..last time I had this laptop this bogged down, I simply wiped
> > /etc/rc2.d/ clean and made it lean, does anyone have a lean
> > Devuan machine so I can see /etc/rcS.d/ and /etc/rc2.d/ listings?
>
> The list has been recently discussing a minimal livecd build of
> devuan that might be useful for you for this. It's a ~250Mb dowloaded
> from
>
> http://devuan.kalos.mine.nu/

..thanks, I'll try this next if the pam diagnosis fails.

> Read the web page for how to use it, and for how to run it in qemu.

..has anyone done this out of a chroot yet? ;o)

> --
> hkp://keys.gnupg.net
> CA45 09B5 5351 7C11 A9D1 7286 0036 9E45 1595 8BC0
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.