我在Centos 7操作系统上安装了Anaconda，并使用conda指令安装了Jupyter笔记本电脑、JupyterLab和JupyterHub，JupyterHub的版本是2.0.0。
问题是，我只能在第一次使用白名单用户名登录JupyterHub时登录，而在其他任何时候，也是使用同一用户，我无法登录，我收到错误：

PAM Authentication failed (user@127.0.0.1): [PAM Error 7] Authentication failure

我正在使用配置文件，运行jupyterhub -f /etc/jupyterhub/jupyterhub_conf.py。以下是配置：

# Configuration file for jupyterhub.

import os

# ------------------------------------------------------------------------------

# Configurable configuration

# ------------------------------------------------------------------------------

# ------------------------------------------------------------------------------

# LoggingConfigurable configuration

# ------------------------------------------------------------------------------

# A parent class for Configurables that log.

# 

# Subclasses have a log trait, and the default behavior is to get the logger

# from the currently running Application.

# ------------------------------------------------------------------------------

# SingletonConfigurable configuration

# ------------------------------------------------------------------------------

# A configurable that only allows one instance.

# 

# This class is for classes that should only have one instance of itself or

# *any* subclass. To create and retrieve such a class use the

# :meth:`SingletonConfigurable.instance` method.

# ------------------------------------------------------------------------------

# Application configuration

# ------------------------------------------------------------------------------

# This is an application.

# The date format used by logging formatters for %(asctime)s

# c.Application.log_datefmt = '%Y-%m-%d %H:%M:%S'

# The Logging format template

# c.Application.log_format = '[%(name)s]%(highlevel)s %(message)s'

# Set the log level by value or name.

# c.Application.log_level = 30

# ------------------------------------------------------------------------------

# JupyterHub configuration

# ------------------------------------------------------------------------------

# An Application for starting a Multi-User Jupyter Notebook server.

# Grant admin users permission to access single-user servers.

# 

# Users should be properly informed if this is enabled.

# c.JupyterHub.admin_access = False

# DEPRECATED, use Authenticator.admin_users instead.

# c.JupyterHub.admin_users = set()

# Answer yes to any questions (e.g. confirm overwrite)

# c.JupyterHub.answer_yes = False

# Class for authenticating users.

# 

# This should be a class with the following form:

# 

# - constructor takes one kwarg: `config`, the IPython config object.

# 

# - is a tornado.gen.coroutine

# - returns username on success, None on failure

# - takes two arguments: (handler, data),

# where `handler` is the calling web.RequestHandler,

# and `data` is the POST form data from the login page.

# c.JupyterHub.authenticator_class = 'jupyterhub.auth.PAMAuthenticator'

# c.JupyterHub.authenticator_class = 'oauthenticator.LocalGitHubOAuthenticator'

# c.GitHubOAuthenticator.oauth_callback_url = os.environ['OAUTH_CALLBACK_URL']

# The base URL of the entire application

# c.JupyterHub.base_url = '/'

# Whether to shutdown the proxy when the Hub shuts down.

# 

# Disable if you want to be able to teardown the Hub while leaving the proxy

# running.

# 

# Only valid if the proxy was starting by the Hub process.

# 

# If both this and cleanup_servers are False, sending SIGINT to the Hub will

# only shutdown the Hub, leaving everything else running.

# 

# The Hub should be able to resume from database state.

# c.JupyterHub.cleanup_proxy = True

# Whether to shutdown single-user servers when the Hub shuts down.

# 

# Disable if you want to be able to teardown the Hub while leaving the single-

# user servers running.

# 

# If both this and cleanup_proxy are False, sending SIGINT to the Hub will only

# shutdown the Hub, leaving everything else running.

# 

# The Hub should be able to resume from database state.

# c.JupyterHub.cleanup_servers = True

# The config file to load

# c.JupyterHub.config_file = 'jupyterhub_config.py'

# c.JupyterHub.config_file = '/etc/jupyterhub/jupyterhub_config.py'

# Number of days for a login cookie to be valid. Default is two weeks.

# c.JupyterHub.cookie_max_age_days = 14

# The cookie secret to use to encrypt cookies.

# 

# Loaded from the JPY_COOKIE_SECRET env variable by default.

# c.JupyterHub.cookie_secret = b''

# File in which to store the cookie secret.

# c.JupyterHub.cookie_secret_file = 'jupyterhub_cookie_secret'

# The location of jupyterhub data files (e.g. /usr/local/share/jupyter/hub)

# c.JupyterHub.data_files_path = '/opt/anaconda/envs/hub/share/jupyter/hub'

# Include any kwargs to pass to the database connection. See

# sqlalchemy.create_engine for details.

# c.JupyterHub.db_kwargs = {}

# url for the database. e.g. `sqlite:///jupyterhub.sqlite`

# c.JupyterHub.db_url = 'sqlite:///jupyterhub.sqlite'

c.JupyterHub.db_url = '/etc/jupyterhub/jupyterhub.sqlite'

# log all database transactions. This has A LOT of output

# c.JupyterHub.debug_db = False

# show debug output in configurable-http-proxy

# c.JupyterHub.debug_proxy = False

# Set a logging.FileHandler on this file.

# c.JupyterHub.extra_log_file = ''

c.JupyterHub.extra_log_file = '/var/log/jupyterhub.log'

# Extra log handlers to set on JupyterHub logger

# c.JupyterHub.extra_log_handlers = []

# Generate default config file

# c.JupyterHub.generate_config = False

# The ip for this process

# c.JupyterHub.hub_ip = 'localhost'

# The port for this process

c.JupyterHub.hub_port = 8080

# The prefix for the hub server. Must not be '/'

# c.JupyterHub.hub_prefix = '/hub/'

# The public facing ip of the proxy

c.JupyterHub.ip = '127.0.0.1'

# Supply extra arguments that will be passed to Jinja environment.

# c.JupyterHub.jinja_environment_options = {}

# Interval (in seconds) at which to update last-activity timestamps.

# c.JupyterHub.last_activity_interval = 300

# File to write PID Useful for daemonizing jupyterhub.

# c.JupyterHub.pid_file = ''

c.JupyterHub.pid_file = '/etc/jupyterhub/jupyterhub.pid'

# The public facing port of the proxy

c.JupyterHub.port = 443

# The ip for the proxy API handlers

# c.JupyterHub.proxy_api_ip = 'localhost'

# The port for the proxy API handlers

# c.JupyterHub.proxy_api_port = 0

# The Proxy Auth token.

# 

# Loaded from the CONFIGPROXY_AUTH_TOKEN env variable by default.

# c.JupyterHub.proxy_auth_token = ''

# Interval (in seconds) at which to check if the proxy is running.

# c.JupyterHub.proxy_check_interval = 30

# The command to start the http proxy.

# 

# Only override if configurable-http-proxy is not on your PATH

# c.JupyterHub.proxy_cmd = ['configurable-http-proxy']

# Purge and reset the database.

# c.JupyterHub.reset_db = False

# The class to use for spawning single-user servers.

# 

# Should be a subclass of Spawner.

# c.JupyterHub.spawner_class = 'jupyterhub.spawner.LocalProcessSpawner'

# Path to SSL certificate file for the public facing interface of the proxy

# 

# Use with ssl_key

c.JupyterHub.ssl_cert = '/home/test/anaconda/certs/certificate.pem'

# Path to SSL key file for the public facing interface of the proxy

# 

# Use with ssl_cert

# c.JupyterHub.ssl_key = ''

c.JupyterHub.ssl_key = '/home/user/anaconda/certs/key.pem'

# Paths to search for jinja templates.

# c.JupyterHub.template_paths = []

# 

# c.JupyterHub.tornado_settings = {}

# ------------------------------------------------------------------------------

# Spawner configuration

# ------------------------------------------------------------------------------

# Base class for spawning single-user notebook servers.

# 

# Subclass this, and override the following methods:

# 

# - load_state - get_state - start - stop - poll

# Extra arguments to be passed to the single-user server

# c.Spawner.args = []

# The command used for starting notebooks.

# c.Spawner.cmd = ['jupyterhub-singleuser']

# Enable debug-logging of the single-user server

# c.Spawner.debug = False

# Whitelist of environment variables for the subprocess to inherit

# c.Spawner.env_keep = ['PATH', 'PYTHONPATH', 'CONDA_ROOT', 'CONDA_DEFAULT_ENV', 'VIRTUAL_ENV', 'LANG', 'LC_ALL']

# Timeout (in seconds) before giving up on a spawned HTTP server

# 

# Once a server has successfully been spawned, this is the amount of time we

# wait before assuming that the server is unable to accept connections.

# c.Spawner.http_timeout = 30

# The IP address (or hostname) the single-user server should listen on

# c.Spawner.ip = 'localhost'

# The notebook directory for the single-user server

# 

# `~` will be expanded to the user's home directory `%U` will be expanded to the

# user's username

c.Spawner.notebook_dir = '/home/test/conda/multiuser'

# An HTML form for options a user can specify on launching their server. The

# surrounding `<form>` element and the submit button are already provided.

# 

# For example:

# 

# Set your key:

# <input name="key" val="default_key"></input>

# <br>

# Choose a letter:

# <select name="letter" multiple="true">

# <option value="A">The letter A</option>

# <option value="B">The letter B</option>

# </select>

# c.Spawner.options_form = ''

# Interval (in seconds) on which to poll the spawner.

# c.Spawner.poll_interval = 30

# Timeout (in seconds) before giving up on the spawner.

# 

# This is the timeout for start to return, not the timeout for the server to

# respond. Callers of spawner.start will assume that startup has failed if it

# takes longer than this. start should return when the server process is started

# and its location is known.

# c.Spawner.start_timeout = 60

# ------------------------------------------------------------------------------

# LocalProcessSpawner configuration

# ------------------------------------------------------------------------------

# A Spawner that just uses Popen to start local processes as users.

# 

# Requires users to exist on the local system.

# 

# This is the default spawner for JupyterHub.

# Seconds to wait for process to halt after SIGINT before proceeding to SIGTERM

# c.LocalProcessSpawner.INTERRUPT_TIMEOUT = 10

# Seconds to wait for process to halt after SIGKILL before giving up

# c.LocalProcessSpawner.KILL_TIMEOUT = 5

# Seconds to wait for process to halt after SIGTERM before proceeding to SIGKILL

# c.LocalProcessSpawner.TERM_TIMEOUT = 5

# ------------------------------------------------------------------------------

# Authenticator configuration

# ------------------------------------------------------------------------------

# A class for authentication.

# 

# The primary API is one method, `authenticate`, a tornado coroutine for

# authenticating users.

# set of usernames of admin users

# 

# If unspecified, only the user that launches the server will be admin.

# c.Authenticator.admin_users = set()

# Dictionary mapping authenticator usernames to JupyterHub users.

# 

# Can be used to map OAuth service names to local users, for instance.

# 

# Used in normalize_username.

# c.Authenticator.username_map = {}

# Regular expression pattern for validating usernames.

# 

# If not defined: allow any username.

# c.Authenticator.username_pattern = ''

# Username whitelist.

# 

# Use this to restrict which users can login. If empty, allow any user to

# attempt login.

c.Authenticator.whitelist = set({"user_1", "user_2", "root","user_3"})

# ------------------------------------------------------------------------------

# LocalAuthenticator configuration

# ------------------------------------------------------------------------------

# Base class for Authenticators that work with local Linux/UNIX users

# 

# Checks for local users, and can attempt to create them if they exist.

# The command to use for creating users as a list of strings.

# 

# For each element in the list, the string USERNAME will be replaced with the

# user's username. The username will also be appended as the final argument.

# 

# For Linux, the default value is:

# 

# ['adduser', '-q', '--gecos', '""', '--disabled-password']

# 

# To specify a custom home directory, set this to:

# 

# ['adduser', '-q', '--gecos', '""', '--home', '/customhome/USERNAME', '--

# disabled-password']

# 

# This will run the command:

# 

# adduser -q --gecos "" --home /customhome/river --disabled-password river

# 

# when the user 'river' is created.

# c.LocalAuthenticator.add_user_cmd = []

# If a user is added that doesn't exist on the system, should I try to create

# the system user?

# c.LocalAuthenticator.create_system_users = False

c.LocalAuthenticator.create_system_users = True

# Automatically whitelist anyone in this group.

c.LocalAuthenticator.group_whitelist = set({'jupyter'})

# ------------------------------------------------------------------------------

# PAMAuthenticator configuration

# ------------------------------------------------------------------------------

# Authenticate local Linux/UNIX users with PAM

# The encoding to use for PAM

# c.PAMAuthenticator.encoding = 'utf8'

# The PAM service to use for authentication.

# c.PAMAuthenticator.service = 'login'

# c.JupyterHub.authenticator_class = 'jupyterhub.auth.PAMAuthenticator'

也许问题出在主机操作系统上。所以我把所有权限都给了/etc/shadow。我还以root用户的身份运行JupyterHub。
先谢谢你！