Bug 518056 - PAM config files refer to pam_fprintd.so, which doesn't exist if fprintd-pam isn't installed
Summary: PAM config files refer to pam_fprintd.so, which doesn't exist if fprintd-pam ...
Keywords:
Status: CLOSED DUPLICATE of bug 505266
Alias: None
Product: Fedora
Classification: Fedora
Component: pam
Version: 11
Hardware: i586
OS: Linux
low
medium
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-08-18 15:57 UTC by David Howells
Modified: 2009-08-18 16:18 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-08-18 16:18:38 UTC


Attachments (Terms of Use)

Description David Howells 2009-08-18 15:57:31 UTC
Description of problem:

I've just made an installation of a very basic F11 on a 32-bit x86 board.  There is no graphics or keyboard hardware so no desktop packages are installed, except where a dependency requires them.  There's also no fingerprint reader, so the fprint packages aren't installed.

I see this in /var/log/secure when I log in:

Aug 18 16:31:47 gatekeeper login: PAM unable to dlopen(/lib/security/pam_fprintd
.so): /lib/security/pam_fprintd.so: cannot open shared object file: No such file
 or directory                                                                   
Aug 18 16:31:47 gatekeeper login: PAM adding faulty module: /lib/security/pam_fp
rintd.so                                                                        
Aug 18 16:31:52 gatekeeper login: pam_unix(login:session): session opened for us
er root by (uid=0)                                                              
Aug 18 16:31:52 gatekeeper login: DIALUP AT ttyS0 BY root                       
Aug 18 16:31:52 gatekeeper login: ROOT LOGIN ON ttyS0                           

If I run authconfig --updateall, I see:

authconfig: Authentication module /lib/security/pam_fprintd.so is missing. Authentication process will not work correctly.                                      


Version-Release number of selected component (if applicable):

pam-1.0.91-6.fc11.i586                                                          
authconfig-5.4.10-1.fc11.i586                                                   

How reproducible:

I see the error message crop up in the secure log every time I try to log in, or every time someone tries to crack my SSH daemon.

/lib/security/pam_fprintd.so is not present because fprintd-pam is not installed; it is, however, still referenced in /etc/pam.d/

[root@gatekeeper ~]# grep -r fprintd /etc/pam.d                                 
/etc/pam.d/fingerprint-auth:auth        sufficient    pam_fprintd.so            
/etc/pam.d/system-auth:auth        sufficient    pam_fprintd.so                 
/etc/pam.d/system-auth-ac:auth        sufficient    pam_fprintd.so              
/etc/pam.d/fingerprint-auth-ac:auth        sufficient    pam_fprintd.so         


Steps to Reproduce:
1. Install core Fedora
2. Boot
3. Log in
4. Remove fprintd-pam
5. Log in again
6. Look in /var/log/secure
  
Actual results:

/lib/security/pam_fprintd.so is absent, even though it is referenced.

Expected results:

Either pam_fprintd.so should be installed, or it should not be referenced.

Comment 1 Tomas Mraz 2009-08-18 16:18:38 UTC
Use authconfig --disablefingerprint --update to remove it from the configuration. Anaconda by default enables it.

*** This bug has been marked as a duplicate of bug 505266 ***


Note You need to log in before you can comment on or make changes to this bug.