Almost all pam modules shipped with RHEL 3 (U5) and RHEL 4 (U1) have missing symbols (pam_get_item, pam_set_item,...). Missing symbols cause pam library to fail when authentication is performed into intermediate libs opened via dlopen by the caller program. Missing symbols are defined in libpam that, usually, it is not linked by the modules. More info: http://openvpn.net/archive/openvpn-devel/2005-06/msg00037.html http://cvs.sourceforge.net/viewcvs.py/pam/Linux-PAM/modules/pam_unix/Makefile?view=log#rev1.5 This issue involves great part of the modules included in pam-*.rpm, pam_krb5-*.rpm and may be more (for a complete list run ldd -r pam_module on the module directory). To reproduce the problem: 1) create a shared library calling libpam auth functions. 2) create a program that uses the library created at the previous step using dlopen 3) run it.
I agree that this is a real problem and that it should be fixed. Please enter this problem into the Support Issue Tracker so it can be properly prioritized. Mention this bug report number in that entry.
This issue is on Red Hat Engineering's list of planned work items for the upcoming Red Hat Enterprise Linux 3.8 release. Engineering resources have been assigned and barring unforeseen circumstances, Red Hat intends to include this item in the 3.8 release.
This is being fixed for modules from the basic pam package however other modules such as pam_krb5 should be fixed as well. There should be new bug reports against each package which contains such PAM modules.
What about RH 4?
The pam package is scheduled to be updated there as well if all goes well.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2006-0346.html