I've done a little stuff up. I was playing with PAM (nt_dom_auth) and I can't login now.
Here is where it gets interesting - PAM seems to work.
Lets say I fire up a telnet login - I get asked for my password - I get it wrong - login gives me another go etc as per normal.
Lets say I get the password right. The shell dies and all I see in syslog is that login[pidnum] said permission denied.
Pam said auth was successful one line up in the logs. I reinstalled pam from source (on my last open terminal) and re-installed the latest util-linux linked to pam with all the right options (PAM seems to be working by the logs still).
I've checked the obvious - shells exist, home directory right. Checked symlinks to the latest pam libraries. I Re-installed redhat default config from RPM (keeping current libraries) - still to no avail.
Also su also said permission denied. Is there a file somewhere with modal permissions of 000 that is stopping these login utilities from working I should look for?