Bug 518056 - PAM config files refer to pam_fprintd.so, which doesn't exist if fprintd-pam isn't installed
PAM config files refer to pam_fprintd.so, which doesn't exist if fprintd-pam ...
Status: CLOSED DUPLICATE of bug 505266
Product: Fedora
Classification: Fedora
Component: pam (Show other bugs)
11
i586 Linux
low Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-08-18 11:57 EDT by David Howells
Modified: 2009-08-18 12:18 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-08-18 12:18:38 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Howells 2009-08-18 11:57:31 EDT
Description of problem:

I've just made an installation of a very basic F11 on a 32-bit x86 board.  There is no graphics or keyboard hardware so no desktop packages are installed, except where a dependency requires them.  There's also no fingerprint reader, so the fprint packages aren't installed.

I see this in /var/log/secure when I log in:

Aug 18 16:31:47 gatekeeper login: PAM unable to dlopen(/lib/security/pam_fprintd
.so): /lib/security/pam_fprintd.so: cannot open shared object file: No such file
 or directory                                                                   
Aug 18 16:31:47 gatekeeper login: PAM adding faulty module: /lib/security/pam_fp
rintd.so                                                                        
Aug 18 16:31:52 gatekeeper login: pam_unix(login:session): session opened for us
er root by (uid=0)                                                              
Aug 18 16:31:52 gatekeeper login: DIALUP AT ttyS0 BY root                       
Aug 18 16:31:52 gatekeeper login: ROOT LOGIN ON ttyS0                           

If I run authconfig --updateall, I see:

authconfig: Authentication module /lib/security/pam_fprintd.so is missing. Authentication process will not work correctly.                                      


Version-Release number of selected component (if applicable):

pam-1.0.91-6.fc11.i586                                                          
authconfig-5.4.10-1.fc11.i586                                                   

How reproducible:

I see the error message crop up in the secure log every time I try to log in, or every time someone tries to crack my SSH daemon.

/lib/security/pam_fprintd.so is not present because fprintd-pam is not installed; it is, however, still referenced in /etc/pam.d/

[root@gatekeeper ~]# grep -r fprintd /etc/pam.d                                 
/etc/pam.d/fingerprint-auth:auth        sufficient    pam_fprintd.so            
/etc/pam.d/system-auth:auth        sufficient    pam_fprintd.so                 
/etc/pam.d/system-auth-ac:auth        sufficient    pam_fprintd.so              
/etc/pam.d/fingerprint-auth-ac:auth        sufficient    pam_fprintd.so         


Steps to Reproduce:
1. Install core Fedora
2. Boot
3. Log in
4. Remove fprintd-pam
5. Log in again
6. Look in /var/log/secure
  
Actual results:

/lib/security/pam_fprintd.so is absent, even though it is referenced.

Expected results:

Either pam_fprintd.so should be installed, or it should not be referenced.
Comment 1 Tomas Mraz 2009-08-18 12:18:38 EDT
Use authconfig --disablefingerprint --update to remove it from the configuration. Anaconda by default enables it.

*** This bug has been marked as a duplicate of bug 505266 ***

Note You need to log in before you can comment on or make changes to this bug.