Red Hat Bugzilla – Bug 505266
PAM unable to dlopen(/lib64/security/pam_fprintd.so)
Last modified: 2013-07-18 13:44:49 EDT
Description of problem: /var/log/secure has lots of messages like this one: "Jun 10 23:33:37 hermes su: PAM unable to dlopen(/lib64/security/pam_fprintd.so): /lib64/security/pam_fprintd.so: cannot open shared object file: No such file or directory Jun 10 23:33:37 hermes su: PAM adding faulty module: /lib64/security/pam_fprintd.so Jun 10 23:33:41 hermes su: pam_unix(su-l:session): session opened for user root by ciupicri(uid=500)" Version-Release number of selected component (if applicable): pam-1.0.91-6.fc11.x86_64.rpm coreutils-7.2-1.fc11.x86_64.rpm (the package for su) How reproducible: Every time. Steps to Reproduce: 1. $ exec su - Actual results: PAM errors in /var/log/secure Expected results: no PAM errors in /var/log/secure Additional info: I haven't changed any PAM configuration, or any other authentication/authorization setting. I'm using the default settings. In spite of those errors su is running fine. I haven't noticed any problems yet.
This is certainly not a bug in PAM. Either disable Fingerprint authentication in the system-config-authentication dialog or install fprintd-pam package.
This seems to be a bug somewhere, but not necessarily related to the package. /var/log/secure reports a problem of a faulty PAM module (/lib64/security/pam_fprintd.so). This is a link, which points to "pam_fprintd.so.0.0.0". The rpm package, however, does include the actual pam-module. Reinstalling the single package solves the problem.
(In reply to comment #2) > /var/log/secure reports a problem of a faulty PAM module > (/lib64/security/pam_fprintd.so). This is a link, which points to > "pam_fprintd.so.0.0.0". $ ls /lib64/security/pam_fprintd* ls: cannot access /lib64/security/pam_fprintd*: No such file or directory
This is a bug in pam. - I do not have a fingerprint reader. - I do not have fprintd-pam package installed. pam package contains config files that reference files provided by fprintd-pam. That is broken. This is a minimal install without X libs or gtk; I cannot install system-config-authentication.
No, it is not. PAM contains only one file referencing the pam_fprintd - /etc/pam.d/fingerprint-auth, but this file is not used on system without gdm. Anaconda probably called authconfig (command line utility which does not need X or gtk) to configure pam_fprintd to system-auth.
Hmmm. I did a minimal text install (i.e. linux text in installer boot prompt). Default text install (no GDM, no X) ended up with pam configured to use fprint. I assume that would be an anaconda bug then?
Possibly.
I have also seen this exact same problem in the same circumstances. Minimum text install for my home server and get the /lib64/security/pam_fprintd.so in /var/log/secure with no manual config changes. I've just tried running authconfig --disablefingerprint --update and this has removed the pam_fprintd.so references in /etc/pam.d/system-auth and /etc/pam.d/system-auth-ac but not in /etc/pam.d/fingerprint-auth or /etc/pam.d/fingerprint-auth-ac. Let's see if this stops the errors appearing.
Just for anyone reading this bug after searching teh internetz for the /lib64/security/pam_fprintd.so error, running authconfig --disablefingerprint --update does indeed fix the problem (for text installations at least)
*** Bug 518056 has been marked as a duplicate of this bug. ***
I didn´t the authconfig. I just did yum -y install fprintd-pam and that solve the error messages, this really fiz the message erro.
(In reply to comment #11) > I didn´t the authconfig. > > I just did yum -y install fprintd-pam and that solve the error messages, this > really fiz the message erro. (I have Fedora-13-LXDE installed). I did the same but it caused my login session to freeze up. I could log out but I couldn't restart or shutdown. I did have mouse support though. * gnome-keyring-daemon was looking specifically for org.gnome.sessionmanager which I don't have because I'm using lxsession. * xscreensaver couldn't find my password. I think it was looking for a fingerprint - just a guess. Anyway I removed it.
Just got this too. [root@nohats ~]# grep pam_fprintd /etc/pam.d/* /etc/pam.d/fingerprint-auth:auth sufficient pam_fprintd.so /etc/pam.d/fingerprint-auth-ac:auth sufficient pam_fprintd.so /etc/pam.d/system-auth:auth sufficient pam_fprintd.so /etc/pam.d/system-auth-ac:auth sufficient pam_fprintd.so [root@nohats ~]# rpm -qV pam ....L.... c /etc/pam.d/fingerprint-auth ....L.... c /etc/pam.d/password-auth ....L.... c /etc/pam.d/smartcard-auth ....L.... c /etc/pam.d/system-auth yum reinstall pam did not work. And no .rpmnew file was there. But the following worked: mv /etc/pam.d/system-auth /tmp yum reinstall pam [root@nohats ~]# grep fprintd /etc/pam.d/system-auth [root@nohats ~]# So perhaps something in the upgrade path causing this