518056 – PAM config files refer to pam_fprintd.so, which doesn't exist if fprintd-pam isn't installed

Bug 518056 - PAM config files refer to pam_fprintd.so, which doesn't exist if fprintd-pam isn't installed

Summary: PAM config files refer to pam_fprintd.so, which doesn't exist if fprintd-pam ...

Keywords:
Status:	CLOSED DUPLICATE of bug 505266
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	pam
Sub Component:
Version:	11
Hardware:	i586
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Tomas Mraz
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-08-18 15:57 UTC by David Howells
Modified:	2009-08-18 16:18 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2009-08-18 16:18:38 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description David Howells 2009-08-18 15:57:31 UTC

Description of problem:

I've just made an installation of a very basic F11 on a 32-bit x86 board.  There is no graphics or keyboard hardware so no desktop packages are installed, except where a dependency requires them.  There's also no fingerprint reader, so the fprint packages aren't installed.

I see this in /var/log/secure when I log in:

Aug 18 16:31:47 gatekeeper login: PAM unable to dlopen(/lib/security/pam_fprintd
.so): /lib/security/pam_fprintd.so: cannot open shared object file: No such file
 or directory                                                                   
Aug 18 16:31:47 gatekeeper login: PAM adding faulty module: /lib/security/pam_fp
rintd.so                                                                        
Aug 18 16:31:52 gatekeeper login: pam_unix(login:session): session opened for us
er root by (uid=0)                                                              
Aug 18 16:31:52 gatekeeper login: DIALUP AT ttyS0 BY root                       
Aug 18 16:31:52 gatekeeper login: ROOT LOGIN ON ttyS0                           

If I run authconfig --updateall, I see:

authconfig: Authentication module /lib/security/pam_fprintd.so is missing. Authentication process will not work correctly.                                      


Version-Release number of selected component (if applicable):

pam-1.0.91-6.fc11.i586                                                          
authconfig-5.4.10-1.fc11.i586                                                   

How reproducible:

I see the error message crop up in the secure log every time I try to log in, or every time someone tries to crack my SSH daemon.

/lib/security/pam_fprintd.so is not present because fprintd-pam is not installed; it is, however, still referenced in /etc/pam.d/

[root@gatekeeper ~]# grep -r fprintd /etc/pam.d                                 
/etc/pam.d/fingerprint-auth:auth        sufficient    pam_fprintd.so            
/etc/pam.d/system-auth:auth        sufficient    pam_fprintd.so                 
/etc/pam.d/system-auth-ac:auth        sufficient    pam_fprintd.so              
/etc/pam.d/fingerprint-auth-ac:auth        sufficient    pam_fprintd.so         


Steps to Reproduce:
1. Install core Fedora
2. Boot
3. Log in
4. Remove fprintd-pam
5. Log in again
6. Look in /var/log/secure
  
Actual results:

/lib/security/pam_fprintd.so is absent, even though it is referenced.

Expected results:

Either pam_fprintd.so should be installed, or it should not be referenced.

Comment 1 Tomas Mraz 2009-08-18 16:18:38 UTC

Use authconfig --disablefingerprint --update to remove it from the configuration. Anaconda by default enables it.

*** This bug has been marked as a duplicate of bug 505266 ***

Note You need to log in before you can comment on or make changes to this bug.