When you encounter the error "Authentication service cannot retrieve authentication info" with a PAM configuration restriction, this typically indicates your system's Pluggable Authentication Modules (PAM) security policy is preventing non-root users from accessing crontab. Let's examine the complete error chain:

[coins@COINS-TEST ~]$ crontab -l
Authentication service cannot retrieve authentication info 
You (coins) are not allowed to access to (crontab) because of pam configuration.

The issue stems from two critical configuration files:

1. /etc/security/access.conf - Controls system-wide access permissions
2. /etc/pam.d/crond - PAM configuration specific to cron services

First, verify if the PAM module is actually restricting access:

grep "pam_access" /etc/pam.d/crond

Expected output might show:

account    required     pam_access.so

Edit the access control file with sudo privileges:

sudo nano /etc/security/access.conf

Add an exception for your user (coins in this case):

+ : coins : cron crond

Save and test the configuration:

sudo pam-auth-update

For testing purposes, you can temporarily comment out the PAM restriction in the crond configuration:

sudo nano /etc/pam.d/crond

Find and comment the line:

#account    required     pam_access.so

After making changes, verify with:

crontab -l

If successful, you'll see either your crontab entries or an empty response if no jobs are scheduled.

While modifying PAM configurations, maintain security by:

• Granting minimal necessary permissions
• Using specific user/group restrictions rather than wildcards
• Documenting all changes for audit purposes

On SELinux-enabled systems, additional context checks might be required. Verify with:

ls -Z /usr/bin/crontab

If context issues exist, restore with:

restorecon -v /usr/bin/crontab

---

When you encounter the error "Authentication service cannot retrieve authentication info You (username) are not allowed to access to (crontab) because of pam configuration", you're facing a PAM (Pluggable Authentication Modules) restriction. This typically occurs when the system administrator has configured specific access controls through PAM.

First, check the relevant PAM configuration file for cron access:

cat /etc/pam.d/crond
# Or on some systems:
cat /etc/pam.d/cron

Look for lines containing pam_access.so or similar PAM modules that might be restricting access.

The most likely culprit is /etc/security/access.conf. This file defines which users can access what services. Check its contents:

cat /etc/security/access.conf

You might find entries like:

- : ALL EXCEPT root : cron crontab

To quickly test if this is indeed the issue, try temporarily allowing your user (replace "coins" with your username):

sudo sh -c 'echo "+ : coins : cron crontab" >> /etc/security/access.conf'

Then try accessing crontab again:

crontab -l

For production systems, a better approach is to create a group for users who need crontab access and modify the PAM configuration accordingly:

# Create a new group
sudo groupadd cronusers

# Add your user to the group
sudo usermod -aG cronusers coins

# Edit access.conf
sudo nano /etc/security/access.conf

Add this line to allow the group:

+ : @cronusers : cron crontab

In some cases, you might consider editing /etc/pam.d/crond to comment out the PAM access line, but this is insecure:

# Comment out this line (not recommended for production):
# account required pam_access.so

Sometimes SELinux might interfere. Check the context:

ls -Z /usr/bin/crontab

If needed, restore context:

restorecon -v /usr/bin/crontab

Ensure the crontab binary has correct permissions:

ls -l /usr/bin/crontab
# Should typically be -rwxr-xr-x with root:root ownership

For long-term solution, create a proper PAM access configuration that fits your organization's security policy while allowing necessary access. Document any changes made to PAM configurations for future reference.