From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020712 Description of problem: pam_ldap complains of an undefined symbol after I installed the just released openssl-0.9.6b-24 release that includes the recent security fixes. The undefined symbol is OpenSSLDie and pam_ldap.so is complaining about not finding it in /lib/libssl.so.2. It is defined in /lib/libcrypto.so.2, which pam_ldap.so appears to be linked against as well. The exact error messages are: Jul 30 14:46:06 acorn sshd[10098]: PAM unable to dlopen(/lib/security/pam_ldap.so) Jul 30 14:46:06 acorn sshd[10098]: PAM [dlerror: /lib/libssl.so.2: undefined symbol: OpenSSLDie] Jul 30 14:46:06 acorn sshd[10098]: PAM adding faulty module: /lib/security/pam_ldap.so Recompiling nss_ldap-189-2 and openssl-0.9.6b-24 didn't help so I backed out the security patch (openssl-0.9.6b-sec.patch) and recompiled the openssl-0.9.6b-24 SRPM and pam_ldap.so is happy again. I upgraded another Red Hat 7.2 box which was also using nss_ldap-189-2 - same problem. A Red Hat 7.3 box with the same version of nss_ldap exhibits the same problems. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Upgrade to openssl-0.9.6b-24 on a Red Hat 7.2 or 7.3 system with nss_ldap-189-2 2. Try to login with anything that uses pam_ldap.so 3. Actual Results: Jul 30 15:35:11 teak sshd[9149]: PAM unable to dlopen(/lib/security/pam_ldap.so)Jul 30 15:35:11 teak sshd[9149]: PAM [dlerror: /lib/libssl.so.2: undefined symbol: OpenSSLDie] Jul 30 15:35:11 teak sshd[9149]: PAM adding faulty module: /lib/security/pam_ldap.so Jul 30 15:35:11 teak sshd[9149]: PAM rejected by account configuration[28]: Module is unknown Expected Results: [myer@teak myer]$ (should have gotten a login prompt) Additional info: Latest errata applied to all machines, up to and including openssl-0.9.6b-24. I'm not sure if this is an nss-ldap problem or an openssl problem - I'm only noticing it on my nss_ldap machines at the moment.
This happened to me too, exactly as described above. The only difference is that I'm using RedHat 7.3.
I've also tried this on RedHat 7.0, and it breaks as well.
That's exactly what I experienced on 7.2. I have checked the openssl packages as well as other packages and they all seemed okay. I have then restarted sshd and ssh was working again. I decided not touch any packages but just rebootet - like winDOS - and everything seems okay again. The only thing I remember now was that I used 'authconfig' to reconfigure LDAP authentication. Maybe this fixed it for me but I don't remember exactly.
Ok, it looks as though the OpenSSL upgrade doesn't call ldconfig after it has been installed. Simply running /sbin/ldconfig fixed it for me - no reboot required. This works for both 7.0 and 7.3 in my testing (I don't have a 7.2 box available, but it should be the same)
It looks like that does fix the problem, although I also had to restart the services to make them work. /sbin/ldconfig didn't solve the problem entirely for ssh since I had to restart ssh as well. I'm not sure about the other services I'm running but I suspect this will fix them as well.
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still running Red Hat Linux, you are strongly advised to upgrade to a current Fedora Core release or Red Hat Enterprise Linux or comparable. Some information on which option may be right for you is available at http://www.redhat.com/rhel/migrate/redhatlinux/. Red Hat apologizes that these issues have not been resolved yet. We do want to make sure that no important bugs slip through the cracks. Please check if this issue is still present in a current Fedora Core release. If so, please change the product and version to match, and check the box indicating that the requested information has been provided. Note that any bug still open against Red Hat Linux on will be closed as 'CANTFIX' on September 30, 2006. Thanks again for your help.
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still running Red Hat Linux, you are strongly advised to upgrade to a current Fedora Core release or Red Hat Enterprise Linux or comparable. Some information on which option may be right for you is available at http://www.redhat.com/rhel/migrate/redhatlinux/. Closing as CANTFIX.