Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 72179 - PAM + OpenSSL + pam_ldap (nss_ldap) fails (blocks login)
PAM + OpenSSL + pam_ldap (nss_ldap) fails (blocks login)
Product: Red Hat Linux
Classification: Retired
Component: openssl (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Brian Brock
Depends On:
  Show dependency treegraph
Reported: 2002-08-21 14:36 EDT by Richard L. Goerwitz III
Modified: 2007-04-18 12:45 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-02-04 05:20:42 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Richard L. Goerwitz III 2002-08-21 14:36:11 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020607

Description of problem:
When PAM is used with pam_ldap (nss_ldap), PAM can't seem to load the
pam_ldap.so module.  It dies when pam_ldap.so tries to load libssl.  If
we turn on debugging ('debug' option of pam_ldap in /etc/pam.d/system-
auth), we get this message to the logs:

Aug 21 13:15:56 spearmint sshd[27410]: PAM unable to
Aug 21 13:15:56 spearmint sshd[27410]: PAM [dlerror: /lib/libssl.so.2: undefined
symbol: OpenSSLDie]
Aug 21 13:15:56 spearmint sshd[27410]: PAM adding faulty module:

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. edit /etc/pam.d/system-auth to use /lib/security/pam_ldap.so debug
   for auth:

   auth        sufficient    /lib/security/pam_unix.so likeauth nullok
   auth        sufficient    /lib/security/pam_ldap.so debug

2. make sure your /etc/ldap.conf file is set up to let you talk to an
   actual LDAP server
3. try to log in	

Actual Results:  I can't log in

Expected Results:  I should be able to log in

Additional info:

This is kind of important, as I'm now locked out of several machines
and have been forced to turn off LDAP authentication
Comment 1 Richard L. Goerwitz III 2002-08-21 14:57:13 EDT
Run /sbin/ldconfig and restart sshd (and perhaps some other similar services)
and the unresolved symbol error will go away.
Comment 2 Anthony Rumble 2002-11-08 21:04:55 EST
The above fix worked for me too.. It seems to happen if you upgrade to the
latest OpenSSL that comes in the errata (In my case Redhat 7.1 Alpha). And you
have an sshd running.
Comment 3 Tomas Mraz 2005-02-04 05:20:42 EST
This doesn't apply to current distributions.

Note You need to log in before you can comment on or make changes to this bug.