Bug 518056

Summary: PAM config files refer to pam_fprintd.so, which doesn't exist if fprintd-pam isn't installed
Product: [Fedora] Fedora Reporter: David Howells <dhowells>
Component: pamAssignee: Tomas Mraz <tmraz>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 11CC: tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: i586   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-08-18 16:18:38 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description David Howells 2009-08-18 15:57:31 UTC
Description of problem:

I've just made an installation of a very basic F11 on a 32-bit x86 board.  There is no graphics or keyboard hardware so no desktop packages are installed, except where a dependency requires them.  There's also no fingerprint reader, so the fprint packages aren't installed.

I see this in /var/log/secure when I log in:

Aug 18 16:31:47 gatekeeper login: PAM unable to dlopen(/lib/security/pam_fprintd
.so): /lib/security/pam_fprintd.so: cannot open shared object file: No such file
 or directory                                                                   
Aug 18 16:31:47 gatekeeper login: PAM adding faulty module: /lib/security/pam_fp
Aug 18 16:31:52 gatekeeper login: pam_unix(login:session): session opened for us
er root by (uid=0)                                                              
Aug 18 16:31:52 gatekeeper login: DIALUP AT ttyS0 BY root                       
Aug 18 16:31:52 gatekeeper login: ROOT LOGIN ON ttyS0                           

If I run authconfig --updateall, I see:

authconfig: Authentication module /lib/security/pam_fprintd.so is missing. Authentication process will not work correctly.                                      

Version-Release number of selected component (if applicable):


How reproducible:

I see the error message crop up in the secure log every time I try to log in, or every time someone tries to crack my SSH daemon.

/lib/security/pam_fprintd.so is not present because fprintd-pam is not installed; it is, however, still referenced in /etc/pam.d/

[root@gatekeeper ~]# grep -r fprintd /etc/pam.d                                 
/etc/pam.d/fingerprint-auth:auth        sufficient    pam_fprintd.so            
/etc/pam.d/system-auth:auth        sufficient    pam_fprintd.so                 
/etc/pam.d/system-auth-ac:auth        sufficient    pam_fprintd.so              
/etc/pam.d/fingerprint-auth-ac:auth        sufficient    pam_fprintd.so         

Steps to Reproduce:
1. Install core Fedora
2. Boot
3. Log in
4. Remove fprintd-pam
5. Log in again
6. Look in /var/log/secure
Actual results:

/lib/security/pam_fprintd.so is absent, even though it is referenced.

Expected results:

Either pam_fprintd.so should be installed, or it should not be referenced.

Comment 1 Tomas Mraz 2009-08-18 16:18:38 UTC
Use authconfig --disablefingerprint --update to remove it from the configuration. Anaconda by default enables it.

*** This bug has been marked as a duplicate of bug 505266 ***