Bug 11738
Summary: | unable to dlopen (/lib/security/pam_krb5.so) | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | C. Ray Ng <crn1> |
Component: | pam_krb5 | Assignee: | Nalin Dahyabhai <nalin> |
Status: | CLOSED RAWHIDE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6.2 | CC: | katzj |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2000-07-17 19:29:15 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
C. Ray Ng
2000-05-29 23:38:30 UTC
What are the contents of /etc/pam.d/login? Are there any messages preceding this line in /var/log/messages that would indicate what it is that's making the module faulty? > Here is my previous /etc/pam.d/login which worked under > krb5-workstation-1.0.5: > > #%PAM-1.0 > auth required /lib/security/pam_securetty.so > auth required /lib/security/pam_nologin.so > auth sufficient /lib/security/pam_krb5.so > auth sufficient /lib/security/pam_pwdb.so shadow nullok > account required /lib/security/pam_pwdb.so > password required /lib/security/pam_cracklib.so > password required /lib/security/pam_pwdb.so nullok use_authtok md5 shadow > session required /lib/security/pam_pwdb.so > session optional /lib/security/pam_console.so > > And the updated /etc/pam.d/login (copied from /usr/doc/pam_krb5-1/pam.d/login): > > #%PAM-1.0 > auth required /lib/security/pam_securetty.so > auth required /lib/security/pam_nologin.so > auth sufficient /lib/security/pam_unix.so shadow md5 nullok likeauth > auth required /lib/security/pam_krb5.so use_first_pass > account required /lib/security/pam_unix.so > password required /lib/security/pam_cracklib.so > password required /lib/security/pam_unix.so shadow md5 nullok use_authtok > session required /lib/security/pam_unix.so > session optional /lib/security/pam_krb5.so > session optional /lib/security/pam_console.so > > Section of /var/log/message related to pam while logging in on the console: > > May 31 13:55:51 lnxhost login: PAM unable to dlopen(/lib/security/pam_krb5.so) > May 31 13:55:51 lnxhost login: PAM [dlerror: libkrbafs.so.1: cannot open > shared object file: No such file or directory] > May 31 13:55:51 lnxhost login: PAM adding faulty module: > /lib/security/pam_krb5.so > May 31 13:55:54 lnxhost PAM_unix[1878]: authentication > failure;LOGIN(uid=0) -> crn for login service > May 31 13:55:57 lnxhost login[1878]: FAILED LOGIN SESSION FROM (null) > FOR crn, Module is unknown > May 31 13:55:59 lnxhost login: PAM unable to > dlopen(/lib/security/pam_krb5.so) > May 31 13:55:59 lnxhost login: PAM [dlerror: libkrbafs.so.1: cannot open > shared object file: No such file or directory] > May 31 13:55:59 lnxhost login: PAM adding faulty module: > /lib/security/pam_krb5.so > May 31 13:56:03 lnxhost PAM_unix[1959]: authentication failure; > LOGIN(uid=0) -> crn for login service > > We don't use AFS here, so the message about missing libkrbafs.so is > expected, I suppose. > Remote klogin works okay, BTW. We've never shipped Kerberos 5 1.0.5. A problem loading the krbafs.so.1 shared library is what's causing the module to not load properly. Do you have the krbafs package installed? > But when I tried to install krbafs.so from krbafs-1.0-3, > ldconfig gave me a warning and skipping over it: > > /sbin/ldconfig: warning: can't open /usr/lib/qt-2.0.1/lib > (No such file or directory), skipping > > can be found in qt-Xt-2.1.0 or qt-devel-2.1.0, > but no where can I find qt-2.0.1 on the CDs. Is it a typo or > I have to go back to version 2.0.1? No, but for some reason you still have /usr/lib/qt-2.0.1/lib listed in your /etc/ld.so.conf file. Open it up in a text editor and remove it. Was this problem taken care of by installing the krbafs package? I can't reproduce in rawhide or 6.2 with the krbafs package installed on the system. Resulution of this problem: 1) Install krbafs package to satify a reference for libkrbafs.so, even AFS is not in use. (Should it be put in dependence check for installing krb5?) 2) Remove /usr/lib/qt-2.0.1 in /etc/ld.so.conf if it appeared there. 3) Replace all files /etc/pam.d with those in /usr/doc/pam_krb-1/pam.d (One should be very careful about the wholesale changes if local modifications/policies were made.) 4) The kde pam file is missing in /usr/doc/pam_krb_1/pam.d, so one need to copy, say, /etc/pam.d/xdm to /etc/pam.d/kde. Now it works like a charm. Looks like that solved it. The new authconfig/pam setup in Raw Hide should simplify enabling Kerberos 5 support (as well as making it much safer and easier to back it out) in subsequent releases. |