Bug 966373
Summary: | After update, the pam auth module .so-file is missing. Configurations using pam auth fails after upgrade | ||
---|---|---|---|
Product: | [Fedora] Fedora EPEL | Reporter: | David Björkevik <david> |
Component: | openvpn | Assignee: | Steven Pritchard <steve> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | el6 | CC: | dm, gwync, huzaifas, james.juran, kalaklanar, lampe, rhbugzilla, steve |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | openvpn-2.3.1-3.el5 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-06-10 17:05:11 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
David Björkevik
2013-05-23 08:04:00 UTC
It's now supposed to be at: /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so But is missing. I'll get an update out. openvpn-2.3.1-2.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/openvpn-2.3.1-2.el5 openvpn-2.3.1-2.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/openvpn-2.3.1-2.el6 These plugins should still be in the old place, because you are breaking existing installations -- mine for example. I agree that the new path is nicer, but if EPEL mimics RHEL, this will have to wait until EL7. Not simply the path, but the filename has changed as well. If you can try a symlink from the old name and path to the new, and confirm that it works, I'll include that. I'd rather change my configuration. Point is that EPEL behaves very much _unlike_ RHEL here. With RHEL, you just do "yum update" and you are set. No surprises -- OK, major updates can have some. OpenVPN not working after this update caught me unexpected and somehow pissed. Why do we need new paths/names? The old ones are as good as everything. Consistency is the difference between Fedora and RHEL (to which I would like to add EPEL). Package openvpn-2.3.1-2.el5: * should fix your issue, * was pushed to the Fedora EPEL 5 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=epel-testing openvpn-2.3.1-2.el5' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5907/openvpn-2.3.1-2.el5 then log in and leave karma (feedback). I'm not sure, you'd have to ask upstream. The only reason I updated to 2.3.1 in EPEL at all was the CVE. WRT consistency, EPEL aims for RHEL's consistency, but doesn't completely acheive it, being a volunteer organization like Fedora. We do our best. Caught between changes and CVEs, I tend to err on the side of fixing CVEs. Fair enough. But then: I can rebuild the original Fedora RPMs myself. What do I need EPEL for? Wasn't there a simple patch for this CVE? RHEL would have fixed it that way. But hey! RHEL doesn't even provide openvpn. *** Bug 966824 has been marked as a duplicate of this bug. *** Jon, Thank you for doing this update. I ran into the missing plugin issue with the openvpn-down-root.so plugin. I have to agree with Michael that moving the plugins in an update causes big problems. As you requested, I confirmed that a symlink to the old directory and plugin name makes my existing configuration work. If you can add a patch to put them back in their old place for at least el6 and below I would greatly appreciate it. Ok, thanks, I'll get that out ASAP. openvpn-2.3.1-3.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/openvpn-2.3.1-3.el6 openvpn-2.3.1-3.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/openvpn-2.3.1-3.el5 Wow that was really fast, thank you. openvpn-2.3.1-3.el6 works for me. openvpn-2.3.1-3.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. openvpn-2.3.1-3.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report. The same problem has appeared in the newest release for EPEL 6, openvpn-2.3.2-1.el6.x86_64 I see the plugins in their new location, as well as the symlinks, what does rpm -q --verify openvpn give you? [root@zuzz /]# rpm -q --verify openvpn [root@zuzz /]# grep openvpn /var/log/messages Aug 30 10:14:10 zuzz openvpn[23356]: PLUGIN_INIT: could not load plugin shared object /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so: /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so: cannot open shared object file: No such file or directory Aug 30 10:14:10 zuzz openvpn[23356]: Exiting due to fatal error So, nothing (log file edited for redundancy, removing earlier attempts) What do you see in /usr/share/openvpn/plugin/lib/ ? [root@zuzz ~]# ls -alF /usr/share/openvpn/plugin/lib/ ls: cannot access /usr/share/openvpn/plugin/lib/: No such file or directory [root@zuzz ~]# rpm -ql openvpn /etc/openvpn /etc/rc.d/init.d/openvpn /usr/lib64/openvpn /usr/lib64/openvpn/plugin /usr/lib64/openvpn/plugin/lib /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so /usr/lib64/openvpn/plugin/lib/openvpn-down-root.so /usr/lib64/openvpn/plugins /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so /usr/lib64/openvpn/plugins/openvpn-plugin-down-root.so /usr/sbin/openvpn /usr/share/doc/openvpn-2.3.2 /usr/share/doc/openvpn-2.3.2/AUTHORS /usr/share/doc/openvpn-2.3.2/COPYING /usr/share/doc/openvpn-2.3.2/COPYRIGHT.GPL /usr/share/doc/openvpn-2.3.2/INSTALL /usr/share/doc/openvpn-2.3.2/PORTS /usr/share/doc/openvpn-2.3.2/README /usr/share/doc/openvpn-2.3.2/README.auth-pam /usr/share/doc/openvpn-2.3.2/README.down-root /usr/share/doc/openvpn-2.3.2/contrib /usr/share/doc/openvpn-2.3.2/contrib/OCSP_check /usr/share/doc/openvpn-2.3.2/contrib/OCSP_check/OCSP_check.sh /usr/share/doc/openvpn-2.3.2/contrib/README /usr/share/doc/openvpn-2.3.2/contrib/multilevel-init.patch /usr/share/doc/openvpn-2.3.2/contrib/openvpn-fwmarkroute-1.00 /usr/share/doc/openvpn-2.3.2/contrib/openvpn-fwmarkroute-1.00/README /usr/share/doc/openvpn-2.3.2/contrib/openvpn-fwmarkroute-1.00/fwmarkroute.down /usr/share/doc/openvpn-2.3.2/contrib/openvpn-fwmarkroute-1.00/fwmarkroute.up /usr/share/doc/openvpn-2.3.2/contrib/pull-resolv-conf /usr/share/doc/openvpn-2.3.2/contrib/pull-resolv-conf/client.down /usr/share/doc/openvpn-2.3.2/contrib/pull-resolv-conf/client.up /usr/share/doc/openvpn-2.3.2/sample /usr/share/doc/openvpn-2.3.2/sample/Makefile /usr/share/doc/openvpn-2.3.2/sample/Makefile.am /usr/share/doc/openvpn-2.3.2/sample/Makefile.in /usr/share/doc/openvpn-2.3.2/sample/sample-config-files /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/README /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/client.conf /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/firewall.sh /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/home.up /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/loopback-client /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/loopback-server /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/office.up /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/openvpn-shutdown.sh /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/openvpn-startup.sh /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/roadwarrior-client.conf /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/roadwarrior-server.conf /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/server.conf /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/static-home.conf /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/static-office.conf /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/tls-home.conf /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/tls-office.conf /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/xinetd-client-config /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/xinetd-server-config /usr/share/doc/openvpn-2.3.2/sample/sample-keys /usr/share/doc/openvpn-2.3.2/sample/sample-keys/README /usr/share/doc/openvpn-2.3.2/sample/sample-keys/ca.crt /usr/share/doc/openvpn-2.3.2/sample/sample-keys/ca.key /usr/share/doc/openvpn-2.3.2/sample/sample-keys/client.crt /usr/share/doc/openvpn-2.3.2/sample/sample-keys/client.key /usr/share/doc/openvpn-2.3.2/sample/sample-keys/dh1024.pem /usr/share/doc/openvpn-2.3.2/sample/sample-keys/pass.crt /usr/share/doc/openvpn-2.3.2/sample/sample-keys/pass.key /usr/share/doc/openvpn-2.3.2/sample/sample-keys/pkcs12.p12 /usr/share/doc/openvpn-2.3.2/sample/sample-keys/server.crt /usr/share/doc/openvpn-2.3.2/sample/sample-keys/server.key /usr/share/doc/openvpn-2.3.2/sample/sample-plugins /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/defer /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/defer/README /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/defer/build /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/defer/simple.c /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/defer/simple.def /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/defer/winbuild /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/log /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/log/build /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/log/log.c /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/log/log_v3.c /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/log/winbuild /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/simple /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/simple/README /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/simple/build /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/simple/simple.c /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/simple/simple.def /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/simple/winbuild /usr/share/doc/openvpn-2.3.2/sample/sample-scripts /usr/share/doc/openvpn-2.3.2/sample/sample-scripts/auth-pam.pl /usr/share/doc/openvpn-2.3.2/sample/sample-scripts/bridge-start /usr/share/doc/openvpn-2.3.2/sample/sample-scripts/bridge-stop /usr/share/doc/openvpn-2.3.2/sample/sample-scripts/ucn.pl /usr/share/doc/openvpn-2.3.2/sample/sample-scripts/verify-cn /usr/share/doc/openvpn-2.3.2/sample/sample-windows /usr/share/doc/openvpn-2.3.2/sample/sample-windows/sample.ovpn /usr/share/man/man8/openvpn.8.gz /usr/share/openvpn /var/run/openvpn Ok, it looks like there's in /usr/lib64, where they should be. Do you know what's looking for them in /usr/share? [root@zuzz sample-config-files]# grep lib /etc/openvpn/server.conf plugin /usr/share/openvpn/plugin/lib64/openvpn-auth-pam.so /etc/pam.d/login #- Comment this line if you are using FreeRADIUS So it looks like it was in a file that isn't distributed with the RPM, so it sounds like this bug can be re-closed. [root@zuzz sample-config-files]# grep lib /etc/openvpn/server.conf plugin /usr/share/openvpn/plugin/lib64/openvpn-auth-pam.so /etc/pam.d/login #- Comment this line if you are using FreeRADIUS So it looks like it was in a file that isn't distributed with the RPM, so it sounds like this bug should be kept closed. |