Red Hat Bugzilla – Bug 1024965
pam_ssh_agent_auth: symbol "xfree" not found
Last modified: 2013-11-10 02:42:47 EST
Description of problem:
pam_ssh_agent_auth uses the openbsd-compat library. The original package contains copies of various openssh source files. In Fedora however, the package is compiled as part of the openssh package, so that the original upstream sources can be used.
The upstream openssh nuked "xfree", which is still used by pam_ssh_agent_auth. The result is a shared library that builds, but when it is dlopen()'d, it bails out with an unknown symbol error.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. # yum install pam_ssh_agent_auth
2. add the line "auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys" to /etc/pam.d/sudo
3. Log in to the system with an ssh public key, making sure to specify "-A" to enable agent forwarding.
4. # sudo ls
5. Observer the following error in /var/log/secure: "PAM unable to dlopen(/usr/lib64/security/pam_ssh_agent_auth.so): /usr/lib64/security/pam_ssh_agent_auth.so: undefined symbol: xfree"
Easiest fix is probably to do a global replace of "xfree" with "free". Patch attached.
Created attachment 817512 [details]
This patch replaces calls to "xfree()" with "free()". I have tested the patch on the current Fedora 20 branch (10/30/2013).
Thanks for the patch. I'm working on update of pam_ssh_agent_auth to 0.9.5 version which solves this issue too.
pam_ssh_agent_auth-0.9.5 is hardly compilable with the latest openssh code and without openssh code, it's not able to use ecdsa keys. So I've used your patch . Thanks.
openssh-6.3p1-5.fc20 has been submitted as an update for Fedora 20.
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openssh-6.3p1-5.fc20'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
openssh-6.3p1-5.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.