Rocky Linux 9.5 - Cron Job is not getting triggered, showing PAM error

Hi,

We observed a new issue related to “Cron Job” on a Rocky Linux 9.5 system.
This issue is a blocker for our release, so we request a solution as soon as possible. Can someone provide a solution?

Please find details below,

Issue Description: In our setup we have an automatic function with cron job entries. We have scheduled it to load every day at “01:00AM”, but it is not loading at the scheduled time. The cron job is not getting triggered, and that is the issue we are facing.

Please find the details of crontab below,

The cron log shows this error message:

Jun 25 01:00:01 test crond[6337]: (root) PAM ERROR (Authentication token is no longer valid; new one required)
Jun 25 01:00:01 test crond[6336]: (root) PAM ERROR (Authentication token is no longer valid; new one required)
Jun 25 01:00:01 test crond[6336]: (root) FAILED to authorize user with PAM (Authentication token is no longer valid; new one required)
Jun 25 01:00:01 test crond[6337]: (root) FAILED to authorize user with PAM (Authentication token is no longer valid; new one required)

Cron job Details below,

[ju@linux /etc 16]$ sudo cat crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed

05 4 * * * root /usr/sbin/aide --check
0 5 * * * root /usr/sbin/aide  --check | /bin/mail -s "$(hostname) - AIDE Integrity Check" root@localhost
# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
[ju@linux /etc 17]$ sudo crontab -l

0 1 * * * sudo -u apache /var/www/html/acorn/admin/old_file_util.php -a 365 -p /var/www/html/acorn/data -r 1 >> /dev/null 2>&1
0 0 * * * sudo -u apache /var/www/html/acorn/admin/email_util.php 0 >> /dev/null 2>&1
0 1 * * * sudo -u apache /var/www/html/acorn/admin/GetLongBuff.pl >> /dev/null 2>&1

Hi,

Does the same issue occur if you update to 9.6? This is the supported release of Rocky.

Regards Tom.

This tells me that your root password is expired. Run chage as root. Does it say password must be changed? If so, then you must set a password. Otherwise, chage --maxdays 99999 root will remove the restriction. Below are the defaults.

[root@sani ~]# chage -l root
Last password change                                    : Nov 08, 2024
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
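
The password-aging check from the reply above, as an added example that is not part of the original thread: a shell script that reads shadow(5)-format entries and reports which accounts are in a state that demands a password change. The function names, the sample entries and the day number 20264 are constructed for illustration, and the logic is a simplified reading of shadow(5) that ignores the inactivity field.

```shell
#!/bin/sh
# Added example, not from the thread. Sample shadow entries are constructed.

# aging_status SHADOW_LINE TODAY   (TODAY = days since 1970-01-01)
# Prints: ok | must_change | password_expired | account_expired
# Simplified reading of shadow(5): the inactivity field ($7) is ignored.
aging_status() {
    printf '%s\n' "$1" | awk -F: -v today="$2" '{
        lastchg = $3; max = $5; expire = $8
        if (expire != "" && (today + 0) >= (expire + 0)) { print "account_expired"; exit }
        if (lastchg == "0") { print "must_change"; exit }
        if (lastchg != "" && max != "" && (today - lastchg) > (max + 0)) {
            print "password_expired"; exit
        }
        print "ok"
    }'
}

# report_blocked SHADOW_FILE TODAY USER...
# Prints "user status" for every listed user whose aging state is not ok.
report_blocked() {
    shadow_file=$1; today=$2; shift 2
    for user in "$@"; do
        line=$(grep "^${user}:" "$shadow_file") || continue
        status=$(aging_status "$line" "$today")
        [ "$status" = ok ] || printf '%s %s\n' "$user" "$status"
    done
}

# Constructed sample in shadow(5) layout; "x" stands in for the hash.
sample_shadow() {
    cat <<'EOF'
root:x:20100:0:90:7:::
apache:!!:19900::::::
admin:x:20264:0:90:7:::
deploy:x:0:0:90:7:::
EOF
}

# Demo: day 20264 is a constructed "today". On a live host, as root:
#   report_blocked /etc/shadow "$(( $(date +%s) / 86400 ))" root admin
demo() {
    tmp=$(mktemp)
    sample_shadow > "$tmp"
    report_blocked "$tmp" 20264 root apache admin deploy
    rm -f "$tmp"
}
demo
```

Both `must_change` and `password_expired` correspond to the "new one required" condition seen in the cron log; an entry with an empty maximum-age field is never reported.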

Hi all, I am also experiencing this issue today.
I have cronjobs that run as the admin user and would like them to continue to run regardless of the password being expired.
I need the password to expire every 90 days.
The password being reset will only happen when someone next tries to log in to the server, so it can remain expired for weeks.
Looking at this article (sadly I can’t find one for RHEL9), I’ve tried the fix but it does not seem to work in Rocky9.

For those who can’t read the article, it’s suggesting:

  • Modify the /etc/pam.d/system-auth account section like following:

account     required      pam_access.so
account  [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

Note: In RHEL6, RHEL 7, and RHEL 8, modify the /etc/pam.d/password-auth as well.

Any thoughts would be greatly appreciated.

Do you mean root by ‘the admin user’? If the cronjob is run for a user different than root, it seems like you have to remove the option use_uid, because it makes the module evaluate the validity of root’s passwd:

use_uid
Evaluate conditions using the account of the user whose UID the application is running under instead of the user being authenticated.