Bug 72179 - PAM + OpenSSL + pam_ldap (nss_ldap) fails (blocks login)
Summary: PAM + OpenSSL + pam_ldap (nss_ldap) fails (blocks login)
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: openssl (Show other bugs)
(Show other bugs)
Version: 7.3
Hardware: i386 Linux
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Brian Brock
Depends On:
TreeView+ depends on / blocked
Reported: 2002-08-21 18:36 UTC by Richard L. Goerwitz III
Modified: 2007-04-18 16:45 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-02-04 10:20:42 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Richard L. Goerwitz III 2002-08-21 18:36:11 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020607

Description of problem:
When PAM is used with pam_ldap (nss_ldap), PAM can't seem to load the
pam_ldap.so module.  It dies when pam_ldap.so tries to load libssl.  If
we turn on debugging ('debug' option of pam_ldap in /etc/pam.d/system-
auth), we get this message to the logs:

Aug 21 13:15:56 spearmint sshd[27410]: PAM unable to
Aug 21 13:15:56 spearmint sshd[27410]: PAM [dlerror: /lib/libssl.so.2: undefined
symbol: OpenSSLDie]
Aug 21 13:15:56 spearmint sshd[27410]: PAM adding faulty module:

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. edit /etc/pam.d/system-auth to use /lib/security/pam_ldap.so debug
   for auth:

   auth        sufficient    /lib/security/pam_unix.so likeauth nullok
   auth        sufficient    /lib/security/pam_ldap.so debug

2. make sure your /etc/ldap.conf file is set up to let you talk to an
   actual LDAP server
3. try to log in	

Actual Results:  I can't log in

Expected Results:  I should be able to log in

Additional info:

This is kind of important, as I'm now locked out of several machines
and have been forced to turn off LDAP authentication

Comment 1 Richard L. Goerwitz III 2002-08-21 18:57:13 UTC
Run /sbin/ldconfig and restart sshd (and perhaps some other similar services)
and the unresolved symbol error will go away.

Comment 2 Anthony Rumble 2002-11-09 02:04:55 UTC
The above fix worked for me too.. It seems to happen if you upgrade to the
latest OpenSSL that comes in the errata (In my case Redhat 7.1 Alpha). And you
have an sshd running.

Comment 3 Tomas Mraz 2005-02-04 10:20:42 UTC
This doesn't apply to current distributions.

Note You need to log in before you can comment on or make changes to this bug.