Masalahnya
Akun sistem akan kedaluwarsa oleh kebijakan tetapi harus dijalankan ke cron job oleh akun itu.
Saat kedaluwarsa, tugas cron gagal oleh PAM dengan pesan di bawah ini:
Jul 10 00:31:01 geeklab crond[2860]: CRON (xxx) ERROR: failed to open PAM security session: Success Jul 10 00:31:01 geeklab crond[2860]: CRON (xxx) ERROR: cannot set security context
Solusinya
Tambahkan ke baris di bawah ini di bagian atas akun di /etc/pam.d/system-auth (jika CentOS/RHEL 7, gunakan file password-auth )
account required pam_access.so account [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
Misalnya:
# User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth required pam_deny.so account required pam_access.so account [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid account required pam_unix.so account sufficient pam_succeed_if.so uid < 500 quiet account required pam_permit.so
Kompleksitas kata sandi PAM dan sistem kredit pam_cracklib di CentOS/RHEL
Cara Mengonfigurasi Kedaluwarsa Kata Sandi dan Persyaratan Kompleksitas di CentOS/RHEL