Bug 173055
Summary: | 32-Bit libraries referenced in /etc/pam.d instead of 64-bit | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 4 | Reporter: | Dirk Gfroerer <dirk.gfroerer> |
Component: | cyrus-imapd | Assignee: | Petr Rockai <prockai> |
Status: | CLOSED ERRATA | QA Contact: | Brian Brock <bbrock> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 4.0 | CC: | felipe_alfaro, k.georgiou, shane |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | RHBA-2007-0258 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-05-01 17:15:10 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 176344 |
Description
Dirk Gfroerer
2005-11-13 09:19:32 UTC
Same exact problem here. Hardware Dell PowerEdge 430sc Dual Core 1GB RAM Software RHEL 4.2 EL x86_64 Kernel 2.6.9-22.ELsmp RPMs pam-0.77-66.11 cyrus-imapd-2.2.12-3.RHEL4.1 cyrus-sasl-2.1.19-5.EL4 -----Error message from saslauthd--- Feb 18 23:46:50 wesley saslauthd[11329]: PAM unable to dlopen(/lib/security/pam_stack.so) Feb 18 23:46:50 wesley saslauthd[11329]: PAM [dlerror: /lib/security/pam_stack.so: cannot open shared object file: No such file or directory] Feb 18 23:46:50 wesley saslauthd[11329]: PAM adding faulty module: /lib/security/pam_stack.so Feb 18 23:46:50 wesley saslauthd[11329]: do_auth : auth failure: [user=sstillwell] [service=imap] [realm=] [mech=pam] [reason=PAM auth error] =================================== Cyrus uses saslauthd to authenticate. /etc/imapd.conf ---- snip --- # Authentication admins: cyrus sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN allowanonymouslogin: false ========================================= Saslauthd uses pam to authenticate /etc/sysconfig/saslauthd # Directory in which to place saslauthd's listening socket, pid file, and so # on. This directory must already exist. SOCKETDIR=/var/run/saslauthd # Mechanism to use when checking passwords. Run "saslauthd -v" to get a list # of which mechanism your installation was compiled to use. MECH=pam # Additional flags to pass to saslauthd on the command line. See saslauthd(8) # for the list of accepted flags. FLAGS=-n 1 ================================== Pam uses LDAP to authenticate. /etc/pam.d/system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so broken_shadow account sufficient /lib/security/$ISA/pam_localuser.so account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so account required /lib/security/$ISA/pam_permit.so password requisite /lib/security/$ISA/pam_cracklib.so retry=3 password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow password sufficient /lib/security/$ISA/pam_ldap.so use_authtok password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so session optional /lib/security/$ISA/pam_ldap.so =========================================== Hack: Replaced /lib/security/pam_stack.so with /lib64/security/pam_stack.so This fixed the issue, but as noted it's only a hack. It should be fixed upstream. Thanks. *** Bug 192550 has been marked as a duplicate of this bug. *** This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release. Ran into this same problem on a different server this time. It was during an upgrade to the latest packages that this started happening again. Hardware: Dell PowerEdge 2850 Redhat Enterprise Linux 4 update 4 2.6.9-42.0.10.ELsmp Same thing started happening, giving error messages of ======================================== Feb 28 10:57:20 faramir saslauthd[3260]: PAM unable to dlopen(/lib/security/pam_stack.so) Feb 28 10:57:20 faramir saslauthd[3260]: PAM [dlerror: /lib/security/pam_stack.so: cannot open shared object file: No such file or directory] Feb 28 10:57:20 faramir saslauthd[3260]: PAM adding faulty module: /lib/security/pam_stack.so Feb 28 10:57:20 faramir saslauthd[3260]: do_auth : auth failure: [user=myusername] [service=imap] [realm=] [mech=pam] [reason=PAM auth error] ======================================== The hack again fixed this issue. Copying the /lib64/security/pam_stack.so to /lib/security/pam_stack.so This bug has been replicated on two different platforms with similar scenarios. Authentication for IMAP goes like this. cyrus-imap -> saslauthd -> pam -> ldap It only seems to be the cyrus-imapd that has a problem. I also have authentication for Postfix using saslauthd and it works fine. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2007-0258.html |