Auth failure with uid >= 1000 on fc18

Gordon Messmer yinyang at eburg.com
Tue Mar 19 06:25:14 UTC 2013


On 03/18/2013 07:02 PM, Alex wrote:
> I am trying to ssh into my fc18 server as root and have the following
> message in syslog:
>
> Mar 18 18:29:20 bwipropnew sshd[12473]: pam_succeed_if(sshd:auth):
> requirement "uid >= 1000" not met by user "root"

You'll see that after an auth failure for any account with uid < 1000:

Mar 18 23:11:47 vagabond unix_chkpwd[6076]: password check failed for user (root)
Mar 18 23:11:47 vagabond sshd[6073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost  user=root
Mar 18 23:11:47 vagabond sshd[6073]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Mar 18 23:11:50 vagabond sshd[6073]: Failed password for root from ::1 port 51784 ssh2

The standard config looks like this:

auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
auth        required      pam_deny.so

pam_env sets or unsets environment variables and succeeds.

pam_unix will process the password provided.  If the password is 
correct, this list will stop processing.  If not...

pam_succeed_if will succeed for user accounts and then pass to pam_deny, 
which causes the authentication attempt to fail.

pam_succeed_if will fail immediately for system accounts, without using 
pam_deny.

If you're using LDAP or KRB5 authentication, it will appear in between 
those two lines.  That authentication module (pam_sss normally) will be 
usable by users with uid >= 1000, but not by system user accounts.
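
The control flow described in the message above, as an added example that is not part of the original post: a simplified Python model of how the auth stack is walked. It assumes pam_sss is inserted as `sufficient` between pam_succeed_if and pam_deny; the account records and the `local_pw_ok` / `directory_pw_ok` fields are constructed for illustration.

```python
# Added illustration: simplified model of libpam's required/requisite/sufficient flags.
STACK = [
    ("required",   "pam_env"),
    ("sufficient", "pam_unix"),
    ("requisite",  "pam_succeed_if"),  # uid >= 1000
    ("sufficient", "pam_sss"),         # assumed control flag and placement
    ("required",   "pam_deny"),
]

def run_module(name, user):
    """Return True when the modelled module succeeds for this user."""
    results = {
        "pam_env": True,
        "pam_unix": user["local_pw_ok"],
        "pam_succeed_if": user["uid"] >= 1000,
        "pam_sss": user["directory_pw_ok"],
        "pam_deny": False,
    }
    return results[name]

def authenticate(user, stack=STACK):
    """Return (granted, trace); trace lists each module consulted."""
    required_failed = False
    succeeded = False
    trace = []
    for control, name in stack:
        ok = run_module(name, user)
        trace.append((name, ok))
        if control == "sufficient":
            if ok and not required_failed:
                return True, trace        # stop processing: success
            continue                      # a sufficient failure is ignored
        if not ok and control == "requisite":
            return False, trace           # fail immediately
        if ok:
            succeeded = True
        else:
            required_failed = True        # remember it, keep going
    return succeeded and not required_failed, trace

# Constructed sample accounts (not from the original post).
ROOT_BAD_PW = {"uid": 0, "local_pw_ok": False, "directory_pw_ok": False}
ROOT_DIR_PW = {"uid": 0, "local_pw_ok": False, "directory_pw_ok": True}
USER_DIR_PW = {"uid": 1000, "local_pw_ok": False, "directory_pw_ok": True}
USER_BAD_PW = {"uid": 1000, "local_pw_ok": False, "directory_pw_ok": False}

if __name__ == "__main__":
    for acct in (ROOT_BAD_PW, ROOT_DIR_PW, USER_DIR_PW, USER_BAD_PW):
        print(acct, authenticate(acct))
```

For the root account the trace ends at pam_succeed_if, which matches the order of the syslog lines above: the pam_unix failure is logged first, then the unmet "uid >= 1000" requirement.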

