Red Hat Bugzilla – Bug 518056
PAM config files refer to pam_fprintd.so, which doesn't exist if fprintd-pam isn't installed
Last modified: 2009-08-18 12:18:38 EDT
Description of problem:
I've just made an installation of a very basic F11 on a 32-bit x86 board. There is no graphics or keyboard hardware so no desktop packages are installed, except where a dependency requires them. There's also no fingerprint reader, so the fprint packages aren't installed.
I see this in /var/log/secure when I log in:
Aug 18 16:31:47 gatekeeper login: PAM unable to dlopen(/lib/security/pam_fprintd
.so): /lib/security/pam_fprintd.so: cannot open shared object file: No such file
Aug 18 16:31:47 gatekeeper login: PAM adding faulty module: /lib/security/pam_fp
Aug 18 16:31:52 gatekeeper login: pam_unix(login:session): session opened for us
er root by (uid=0)
Aug 18 16:31:52 gatekeeper login: DIALUP AT ttyS0 BY root
Aug 18 16:31:52 gatekeeper login: ROOT LOGIN ON ttyS0
If I run authconfig --updateall, I see:
authconfig: Authentication module /lib/security/pam_fprintd.so is missing. Authentication process will not work correctly.
Version-Release number of selected component (if applicable):
I see the error message crop up in the secure log every time I try to log in, or every time someone tries to crack my SSH daemon.
/lib/security/pam_fprintd.so is not present because fprintd-pam is not installed; it is, however, still referenced in /etc/pam.d/
[root@gatekeeper ~]# grep -r fprintd /etc/pam.d
/etc/pam.d/fingerprint-auth:auth sufficient pam_fprintd.so
/etc/pam.d/system-auth:auth sufficient pam_fprintd.so
/etc/pam.d/system-auth-ac:auth sufficient pam_fprintd.so
/etc/pam.d/fingerprint-auth-ac:auth sufficient pam_fprintd.so
Steps to Reproduce:
1. Install core Fedora
3. Log in
4. Remove fprintd-pam
5. Log in again
6. Look in /var/log/secure
/lib/security/pam_fprintd.so is absent, even though it is referenced.
Either pam_fprintd.so should be installed, or it should not be referenced.
Use authconfig --disablefingerprint --update to remove it from the configuration. Anaconda by default enables it.
*** This bug has been marked as a duplicate of bug 505266 ***