Bug 70151 - pam_ldap fails after openssl-0.9.6b-24 install
pam_ldap fails after openssl-0.9.6b-24 install
Status: CLOSED CANTFIX
Product: Red Hat Linux
Classification: Retired
Component: nss_ldap (Show other bugs)
7.2
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Nalin Dahyabhai
Jay Turner
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-07-30 15:37 EDT by kevin_myer
Modified: 2015-01-07 18:58 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-10-18 11:55:36 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description kevin_myer 2002-07-30 15:37:07 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020712

Description of problem:
pam_ldap complains of an undefined symbol after I installed the just released
openssl-0.9.6b-24 release that includes the recent security fixes.  The
undefined symbol is OpenSSLDie and pam_ldap.so is complaining about not finding
it in /lib/libssl.so.2.  It is defined in /lib/libcrypto.so.2, which pam_ldap.so
appears to be linked against as well.

The exact error messages are:
Jul 30 14:46:06 acorn sshd[10098]: PAM unable to dlopen(/lib/security/pam_ldap.so)
Jul 30 14:46:06 acorn sshd[10098]: PAM [dlerror: /lib/libssl.so.2: undefined
symbol: OpenSSLDie]
Jul 30 14:46:06 acorn sshd[10098]: PAM adding faulty module:
/lib/security/pam_ldap.so

Recompiling nss_ldap-189-2 and openssl-0.9.6b-24 didn't help so I backed out the
security patch (openssl-0.9.6b-sec.patch) and recompiled the openssl-0.9.6b-24
SRPM and pam_ldap.so is happy again.

I upgraded another Red Hat 7.2 box which was also using nss_ldap-189-2 - same
problem.  A Red Hat 7.3 box with the same version of nss_ldap exhibits the same
problems.


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.  Upgrade to openssl-0.9.6b-24 on a Red Hat 7.2 or 7.3 system with nss_ldap-189-2
2.  Try to login with anything that uses pam_ldap.so
3.
	

Actual Results:  Jul 30 15:35:11 teak sshd[9149]: PAM unable to
dlopen(/lib/security/pam_ldap.so)Jul 30 15:35:11 teak sshd[9149]: PAM [dlerror:
/lib/libssl.so.2: undefined symbol: OpenSSLDie]
Jul 30 15:35:11 teak sshd[9149]: PAM adding faulty module: /lib/security/pam_ldap.so
Jul 30 15:35:11 teak sshd[9149]: PAM rejected by account configuration[28]:
Module is unknown

Expected Results:  [myer@teak myer]$ 

(should have gotten a login prompt)

Additional info:

Latest errata applied to all machines, up to and including openssl-0.9.6b-24. 
I'm not sure if this is an nss-ldap problem or an openssl problem - I'm only
noticing it on my nss_ldap machines at the moment.
Comment 1 Need Real Name 2002-07-30 23:59:25 EDT
This happened to me too, exactly as described above.  The only difference is
that I'm using RedHat 7.3.
Comment 2 Need Real Name 2002-08-01 18:54:51 EDT
I've also tried this on RedHat 7.0, and it breaks as well.
Comment 3 Simon Matter 2002-08-05 09:25:31 EDT
That's exactly what I experienced on 7.2. I have checked the openssl packages as
well as other packages and they all seemed okay. I have then restarted sshd and
ssh was working again. I decided not touch any packages but just rebootet - like
winDOS - and everything seems okay again. The only thing I remember now was that
I used 'authconfig' to reconfigure LDAP authentication. Maybe this fixed it for
me but I don't remember exactly.
Comment 4 Need Real Name 2002-08-05 18:49:06 EDT
Ok, it looks as though the OpenSSL upgrade doesn't call ldconfig after it has
been installed.  Simply running /sbin/ldconfig fixed it for me - no reboot required.

This works for both 7.0 and 7.3 in my testing (I don't have a 7.2 box available,
but it should be the same)
Comment 5 kevin_myer 2002-08-06 11:13:50 EDT
It looks like that does fix the problem, although I also had to restart the
services to make them work.  /sbin/ldconfig didn't solve the problem entirely
for ssh since I had to restart ssh as well.  I'm not sure about the other
services I'm running but I suspect this will fix them as well.
Comment 6 Bill Nottingham 2006-08-07 14:27:46 EDT
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at
http://www.redhat.com/rhel/migrate/redhatlinux/.

Red Hat apologizes that these issues have not been resolved yet. We do
want to make sure that no important bugs slip through the cracks.
Please check if this issue is still present in a current Fedora Core
release. If so, please change the product and version to match, and
check the box indicating that the requested information has been
provided. Note that any bug still open against Red Hat Linux on will be
closed as 'CANTFIX' on September 30, 2006. Thanks again for your help.
Comment 7 Bill Nottingham 2006-10-18 11:55:36 EDT
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at
http://www.redhat.com/rhel/migrate/redhatlinux/.

Closing as CANTFIX.

Note You need to log in before you can comment on or make changes to this bug.