Authentication token is no longer valid

Linux:authentication token is no longer valid

problem:
Authentication token is no longer valid; New one required
You (Zabbix) is not a allowed to access to (crontab) because of Pam configuration.

PAM Configuration

The/etc/pam.d/directory contain the PAM configuration files for each Pam-aware application. Each service has a file in THE/ETC/PAM.D which have the same name as the service.

For Instance, the Crond service Pam file is below:

  
 

   
  

  
[/etc/pam.d]$more crond 
   
  

  
#
   
  

  
# The PAM configuration file for the cron daemon
   
  

  
#
   
  

  
#
   
  

  
# No PAM authentication called, auth modules not needed
   
  

  
account required pam_access.so
   
  

  
account include password-auth
   
  

  
session required pam_loginuid.so
   
  

  
session include password-auth
   
  

  
auth include password-auth
  
 

PAM Configuration File Format

Module_interface Control_flag module_name module_argument

 
   
  
 
    
   
< Span class= "PLN" >account required pam_access  so   
 
    
   
account include password  -  auth   
 
    
   
 Session Required Pam_loginuid   so   
 
    
   
session include password  -  auth   
 
    
   
 Auth include password  - auth   
 
   
  
 

Module_interface:
Auth: This module interface the authenticates use. For example, it request and verifies the validity of a password.
Account : This module interface verified whether, the access is allowed. For example, it check if a the user account had expired of if a user is allowed to log in at a partical time of day.
Password: This module INTERFCE are used to changing user passwords.
session: This module interface configure and manager user sessions.

PAN Control Flag

Required: The module result must is successful for authentication to continue. If The test fails at this point, the users won't be notified.
requisite: Unlike required,if the test fails, the user would be notified immediately with a message reflectin the F Irst failed required or requisite module test.
Optional: The result is ignored.
include: Unlike the other controls,it does isn't relate to how the module result is handled.

Solution

Because The Crond service must authenticate the user ' s password.
So we can check the user password information:

  
 

   
  

  
chage -l username
   
  

  
Last password change : May 05, 2016
   
  

  
Password expires : Nov 01, 2016
   
  

  
Password inactive : never
   
  

  
Account expires : never
   
  

  
Minimum number of days between password change : 0
   
  

  
Maximum number of days between password change : 180
   
  

  
Number of days of warning before password expires : 30
  
 

If you find the password have expired, you can change the password and set the Maxdays to 9999.

 
   
  

  
    
   
password username:
  
    
   
Command : chage -M 9999 username
 
   
  

After this, you can check if the File/etc/shadow have updated the maxdays for the specified user. Just like this:

 
   
  

  
    
   
username:$6$EZ2LtFaZ$l6cUrKMIYW..37AStpjDYlal215FZg3NoKM0SgsUClsllKjVwkxsR4lFtWbNGvaGZkGwi5orqWziDMpfGGhvh/:17107:0:9999:30:::
 
   
  

After all, it'll be OK.

From for notes (Wiz)

Authentication token is no longer valid