Cron: ERROR: failed to open PAM security session

This error means PAM is no longer authenticating the user correctly, either because of one of a few possible configuration changes or because something got broken on your server.

If you get this error, first check whether the user that is trying to run the cron job exists in the /etc/shadow file.

As Andrew pointed out in one of the comments, you can also get this error if the cron user's account has expired, so you may want to verify that before going ahead.

If you hardened your server using some of the scripts that are floating around the internet and now get a "CRON (username) ERROR: failed to open PAM security session: Success" error, check the /var/log/secure log file for any references to cron like:

Jul 7 16:30:01 server crond[9527]: pam_access(crond:account): access denied for user `username' from `cron'

A fix for this is to check the following two files and make sure that the lines in there match the following:

/etc/pam.d/crond file should contain the following lines:

auth sufficient pam_rootok.so
auth required pam_env.so
auth include system-auth
#account sufficient pam_rootok.so
account required pam_access.so
account include system-auth
session required pam_loginuid.so
session include system-auth

Note the commented line #account sufficient pam_rootok.so: if you see this line in your file and it is uncommented, then comment it out.

Secondly check the /etc/security/access.conf file and if you see at the end of this file anything that is uncommented like:

+ : ALL : cron crond

then comment these two lines out as well.

After this, check your cron log file to see whether the cron job runs correctly.
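
The checks described in this post, collected into a read-only shell script. This is an added example, not part of the original post: the function names and the sample data are constructed, and account expiry is read from field 8 of the shadow file as documented in shadow(5).

```shell
#!/bin/sh
# Added example (not from the original post): read-only triage for
# "failed to open PAM security session". File paths are parameters.

# Print missing | expired | ok for a user in a shadow(5)-format file.
# Field 8 = account expiry in days since 1970-01-01; empty means never.
shadow_status() {   # usage: shadow_status <user> [shadow_file]
    today=$(( $(date +%s) / 86400 ))
    awk -F: -v u="$1" -v today="$today" '
        $1 == u { found = 1
                  print (($8 + 0 > 0 && $8 + 0 <= today) ? "expired" : "ok")
                  exit }
        END { if (!found) print "missing" }' "${2:-/etc/shadow}"
}

# Count pam_access denials logged for this user's cron jobs.
cron_access_denials() {   # usage: cron_access_denials <user> [log_file]
    awk -v pat="pam_access(crond:account): access denied for user \`$1' " '
        index($0, pat) { n++ } END { print n + 0 }' "${2:-/var/log/secure}"
}

# Print the uncommented lines of a file that match a regex, e.g. an active
# pam_rootok line in /etc/pam.d/crond or a cron rule in access.conf.
active_lines() {   # usage: active_lines <regex> <file>
    grep -v '^[[:space:]]*#' "$2" | grep -E "$1" || true
}

# Constructed sample data, so the demo runs without touching /etc.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'alice:!:19000:0:99999:7:::' \
                  'bob:!:19000:0:99999:7::19001:' > "$d/shadow"
    printf '%s\n' "Jul  7 16:30:01 server crond[9527]: pam_access(crond:account): access denied for user \`bob' from \`cron'" > "$d/secure"
    printf '%s\n' '#account sufficient pam_rootok.so' \
                  'account required pam_access.so' > "$d/crond"
    printf '%s\n' '# sample rule' '+ : ALL : cron crond' > "$d/access.conf"
    for u in alice bob carol; do
        echo "$u: shadow=$(shadow_status "$u" "$d/shadow")" \
             "denials=$(cron_access_denials "$u" "$d/secure")"
    done
    echo "active pam_rootok lines: $(active_lines 'pam_rootok' "$d/crond")"
    echo "active cron rules: $(active_lines 'cron' "$d/access.conf")"
    rm -rf "$d"
}
demo
```

Against a live system, call the functions without the file argument as root, since /etc/shadow and /var/log/secure are not readable by ordinary users.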