First Last Prev Next    This bug is not in your last search results.
Bug 173055 - 32-Bit libraries referenced in /etc/pam.d instead of 64-bit
32-Bit libraries referenced in /etc/pam.d instead of 64-bit
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: cyrus-imapd (Show other bugs)
4.0
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Petr Rockai
Brian Brock
:
: 192550 (view as bug list)
Depends On:
Blocks: 176344
  Show dependency treegraph
 
Reported: 2005-11-13 04:19 EST by Dirk Gfroerer
Modified: 2007-11-30 17:07 EST (History)
3 users (show)

See Also:
Fixed In Version: RHBA-2007-0258
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-05-01 13:15:10 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Dirk Gfroerer 2005-11-13 04:19:32 EST 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050921 Red Hat/1.0.7-1.4.1 Firefox/1.0.7

Description of problem:
Installed RHEL 4 U2 ES on a new dual Intel Xeon server. Used the AMD64/EM64T version of RHEL. The server is also used as an IMAP / POP3 server. So we installed cyrus. The authentication is done using saslauthd.
The cryus package creates the /etc/pam.d/imap and /etc/pam.d/pop3 files. These files contain references to the pam_stack.so library. However the reference is in the form /lib/security/pam_stack.so. This seems to be wrong on an AMD64/EM64T machine, since we were getting the following errors:

Nov 12 10:51:46 ghlx02 saslauthd[3986]: PAM unable to dlopen(/lib/security/pam_stack.so)
Nov 12 10:51:46 ghlx02 saslauthd[3986]: PAM [dlerror: /lib/security/pam_stack.so: cannot open shared object file: No such file or directory]
Nov 12 10:51:46 ghlx02 saslauthd[3986]: PAM adding faulty module: /lib/security/pam_stack.so
Nov 12 10:51:46 ghlx02 saslauthd[3986]: do_auth         : auth failure: [user=digf] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]

Replacing /lib/security/pam_stack.so with /lib64/security/pam_stack.so in the pam files solved the issue.

Version-Release number of selected component (if applicable):
cyrus-imapd-2.2.12-3.RHEL4.1

How reproducible:
Always

Steps to Reproduce:
1. Install RHEL 4U2 x86_64 and cyrus.
2. Choses saslauthd for authentication (default)
3. Try to connect to the imap / pop3 server
  

Actual Results:  Authtentication not possible, errors in /var/log/messages

Expected Results:  Authentication possible.

Additional info:
Comment 1 Shane A. Stillwell 2006-02-20 12:12:27 EST 
Same exact problem here.

Hardware
Dell PowerEdge 430sc Dual Core
1GB RAM

Software
RHEL 4.2 EL x86_64

Kernel
2.6.9-22.ELsmp

RPMs
pam-0.77-66.11
cyrus-imapd-2.2.12-3.RHEL4.1
cyrus-sasl-2.1.19-5.EL4

-----Error message from saslauthd---
Feb 18 23:46:50 wesley saslauthd[11329]: PAM unable to
dlopen(/lib/security/pam_stack.so)
Feb 18 23:46:50 wesley saslauthd[11329]: PAM [dlerror:
/lib/security/pam_stack.so: cannot open shared object file: No such file or
directory]
Feb 18 23:46:50 wesley saslauthd[11329]: PAM adding faulty module:
/lib/security/pam_stack.so
Feb 18 23:46:50 wesley saslauthd[11329]: do_auth         : auth failure:
[user=sstillwell] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]

===================================

Cyrus uses saslauthd to authenticate. 
/etc/imapd.conf
---- snip ---
# Authentication
admins: cyrus
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
allowanonymouslogin: false
 
=========================================

Saslauthd uses pam to authenticate
/etc/sysconfig/saslauthd
# Directory in which to place saslauthd's listening socket, pid file, and so
# on.  This directory must already exist.
SOCKETDIR=/var/run/saslauthd

# Mechanism to use when checking passwords.  Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled to use.
MECH=pam

# Additional flags to pass to saslauthd on the command line.  See saslauthd(8)
# for the list of accepted flags.
FLAGS=-n 1

==================================

Pam uses LDAP to authenticate.

/etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so broken_shadow
account     sufficient    /lib/security/$ISA/pam_localuser.so
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     [default=bad success=ok user_unknown=ignore]
/lib/security/$ISA/pam_ldap.so
account     required      /lib/security/$ISA/pam_permit.so

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5
shadow
password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_ldap.so

===========================================


Hack:
Replaced /lib/security/pam_stack.so with /lib64/security/pam_stack.so

This fixed the issue, but as noted it's only a hack. It should be fixed
upstream. Thanks.
Comment 3 Petr Rockai 2006-05-30 12:52:59 EDT 
*** Bug 192550 has been marked as a duplicate of this bug. ***
Comment 5 RHEL Product and Program Management 2006-08-18 13:02:33 EDT 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 12 Shane A. Stillwell 2007-02-28 12:07:08 EST 
Ran into this same problem on a different server this time.  It was during an
upgrade to the latest packages that this started happening again.

Hardware:
Dell PowerEdge 2850

Redhat Enterprise Linux 4 update 4
2.6.9-42.0.10.ELsmp

Same thing started happening, giving error messages of 
========================================
Feb 28 10:57:20 faramir saslauthd[3260]: PAM unable to
dlopen(/lib/security/pam_stack.so)
Feb 28 10:57:20 faramir saslauthd[3260]: PAM [dlerror:
/lib/security/pam_stack.so: cannot open shared object file: No such file or
directory]
Feb 28 10:57:20 faramir saslauthd[3260]: PAM adding faulty module:
/lib/security/pam_stack.so
Feb 28 10:57:20 faramir saslauthd[3260]: do_auth         : auth failure:
[user=myusername] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
========================================

The hack again fixed this issue.  Copying the /lib64/security/pam_stack.so to
/lib/security/pam_stack.so

This bug has been replicated on two different platforms with similar scenarios.

Authentication for IMAP goes like this.
cyrus-imap -> saslauthd -> pam -> ldap

It only seems to be the cyrus-imapd that has a problem.  I also have
authentication for Postfix using saslauthd and it works fine.
Comment 13 Red Hat Bugzilla 2007-05-01 13:15:11 EDT 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0258.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.