Bug 505266 - PAM unable to dlopen(/lib64/security/pam_fprintd.so)
Summary: PAM unable to dlopen(/lib64/security/pam_fprintd.so)
Alias: None
Product: Fedora
Classification: Fedora
Component: pam
Version: 11
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
: 518056 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2009-06-11 09:12 UTC by Cristian Ciupitu
Modified: 2020-02-05 05:52 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-06-11 09:38:51 UTC
Type: ---

Attachments (Terms of Use)

Description Cristian Ciupitu 2009-06-11 09:12:40 UTC
Description of problem:
/var/log/secure has lots of messages like this one:
"Jun 10 23:33:37 hermes su: PAM unable to dlopen(/lib64/security/pam_fprintd.so): /lib64/security/pam_fprintd.so: cannot open shared object file: No such file or directory
 Jun 10 23:33:37 hermes su: PAM adding faulty module: /lib64/security/pam_fprintd.so
 Jun 10 23:33:41 hermes su: pam_unix(su-l:session): session opened for user root by ciupicri(uid=500)"

Version-Release number of selected component (if applicable):
coreutils-7.2-1.fc11.x86_64.rpm (the package for su)

How reproducible:
Every time.

Steps to Reproduce:
1. $ exec su -
Actual results:
PAM errors in /var/log/secure

Expected results:
no PAM errors in /var/log/secure

Additional info:
I haven't changed any PAM configuration, or any other authentication/authorization setting. I'm using the default settings.
In spite of those errors su is running fine. I haven't noticed any problems yet.

Comment 1 Tomas Mraz 2009-06-11 09:38:51 UTC
This is certainly not a bug in PAM.

Either disable Fingerprint authentication in the system-config-authentication dialog or install fprintd-pam package.

Comment 2 Andreas Abati 2009-06-19 14:53:51 UTC
This seems to be a bug somewhere, but not necessarily related to the package.

/var/log/secure reports a problem of a faulty PAM module (/lib64/security/pam_fprintd.so). This is a link, which points to "pam_fprintd.so.0.0.0". 

The rpm package, however, does include the actual pam-module. Reinstalling the single package solves the problem.

Comment 3 Cristian Ciupitu 2009-06-19 15:33:55 UTC
(In reply to comment #2)
> /var/log/secure reports a problem of a faulty PAM module
> (/lib64/security/pam_fprintd.so). This is a link, which points to
> "pam_fprintd.so.0.0.0". 

$ ls /lib64/security/pam_fprintd*
ls: cannot access /lib64/security/pam_fprintd*: No such file or directory

Comment 4 Saikat Guha 2009-06-26 10:28:23 UTC
This is a bug in pam.

- I do not have a fingerprint reader.
- I do not have fprintd-pam package installed.

pam package contains config files that reference files provided by fprintd-pam. That is broken.

This is a minimal install without X libs or gtk; I cannot install system-config-authentication.

Comment 5 Tomas Mraz 2009-06-26 11:14:42 UTC
No, it is not. PAM contains only one file referencing the pam_fprintd - /etc/pam.d/fingerprint-auth, but this file is not used on system without gdm. Anaconda probably called authconfig (command line utility which does not need X or gtk) to configure pam_fprintd to system-auth.

Comment 6 Saikat Guha 2009-06-26 11:39:10 UTC
Hmmm. I did a minimal text install (i.e. linux text in installer boot prompt). Default text install (no GDM, no X) ended up with pam configured to use fprint. I assume that would be an anaconda bug then?

Comment 7 Tomas Mraz 2009-06-26 11:50:17 UTC

Comment 8 Gavin Edwards 2009-07-30 14:38:19 UTC
I have also seen this exact same problem in the same circumstances. Minimum text install for my home server and get the /lib64/security/pam_fprintd.so in /var/log/secure with no manual config changes.

I've just tried running authconfig --disablefingerprint --update and this has removed the pam_fprintd.so references in /etc/pam.d/system-auth and /etc/pam.d/system-auth-ac but not in /etc/pam.d/fingerprint-auth or /etc/pam.d/fingerprint-auth-ac.

Let's see if this stops the errors appearing.

Comment 9 Gavin Edwards 2009-07-30 14:48:11 UTC
Just for anyone reading this bug after searching teh internetz for the /lib64/security/pam_fprintd.so error, running

authconfig --disablefingerprint --update

does indeed fix the problem (for text installations at least)

Comment 10 Tomas Mraz 2009-08-18 16:18:38 UTC
*** Bug 518056 has been marked as a duplicate of this bug. ***

Comment 11 Adriano 2009-10-20 14:40:12 UTC
I didn´t the authconfig.

I just did  yum -y install fprintd-pam and that solve the error messages, this really fiz the message erro.

Comment 12 about2cure 2011-04-10 11:56:04 UTC
(In reply to comment #11)
> I didn´t the authconfig.
> I just did  yum -y install fprintd-pam and that solve the error messages, this
> really fiz the message erro.

(I have Fedora-13-LXDE installed).  

I did the same but it caused my login session to freeze up. I could log out but I couldn't restart or shutdown.  I did have mouse support though. 
* gnome-keyring-daemon was looking specifically for org.gnome.sessionmanager which I don't have because I'm using lxsession.
* xscreensaver couldn't find my password. I think it was looking for a fingerprint - just a guess.

Anyway I removed it.

Comment 13 Paul Wouters 2012-12-14 16:10:12 UTC
Just got this too.

[root@nohats ~]# grep pam_fprintd /etc/pam.d/*
/etc/pam.d/fingerprint-auth:auth        sufficient    pam_fprintd.so
/etc/pam.d/fingerprint-auth-ac:auth        sufficient    pam_fprintd.so
/etc/pam.d/system-auth:auth        sufficient    pam_fprintd.so
/etc/pam.d/system-auth-ac:auth        sufficient    pam_fprintd.so

[root@nohats ~]# rpm -qV pam
....L....  c /etc/pam.d/fingerprint-auth
....L....  c /etc/pam.d/password-auth
....L....  c /etc/pam.d/smartcard-auth
....L....  c /etc/pam.d/system-auth

yum reinstall pam did not work. And no .rpmnew file was there. But the following worked:

mv /etc/pam.d/system-auth /tmp
yum reinstall pam

[root@nohats ~]# grep fprintd /etc/pam.d/system-auth
[root@nohats ~]# 

So perhaps something in the upgrade path causing this

Note You need to log in before you can comment on or make changes to this bug.