Description of problem: pam_ssh_agent_auth uses the openbsd-compat library. The original package contains copies of various openssh source files. In Fedora however, the package is compiled as part of the openssh package, so that the original upstream sources can be used. The upstream openssh nuked "xfree", which is still used by pam_ssh_agent_auth. The result is a shared library that builds, but when it is dlopen()'d, it bails out with an unknown symbol error. Version-Release number of selected component (if applicable): openssh-6.3p1-4.fc20 How reproducible: Always Steps to Reproduce: 1. # yum install pam_ssh_agent_auth 2. add the line "auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys" to /etc/pam.d/sudo 3. Log in to the system with an ssh public key, making sure to specify "-A" to enable agent forwarding. 4. # sudo ls 5. Observer the following error in /var/log/secure: "PAM unable to dlopen(/usr/lib64/security/pam_ssh_agent_auth.so): /usr/lib64/security/pam_ssh_agent_auth.so: undefined symbol: xfree" Additional info: Easiest fix is probably to do a global replace of "xfree" with "free". Patch attached.
Created attachment 817512 [details] Possible patch. This patch replaces calls to "xfree()" with "free()". I have tested the patch on the current Fedora 20 branch (10/30/2013).
Thanks for the patch. I'm working on update of pam_ssh_agent_auth to 0.9.5 version which solves this issue too.
pam_ssh_agent_auth-0.9.5 is hardly compilable with the latest openssh code and without openssh code, it's not able to use ecdsa keys. So I've used your patch [1]. Thanks. [1] http://pkgs.fedoraproject.org/cgit/openssh.git/commit/?h=f20&id=5795323a535f32e23c61afdcf6f547f5b2d0f2ab
openssh-6.3p1-5.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/openssh-6.3p1-5.fc20
Package openssh-6.3p1-5.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing openssh-6.3p1-5.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-20464/openssh-6.3p1-5.fc20 then log in and leave karma (feedback).
openssh-6.3p1-5.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.