PAM and /lib/security/ rather than /lib64/security/

Hello

We have an x86_64 box and we have these errors

PAM unable to dlopen(/lib/security/pam_listfile.so)
PAM [dlerror: /lib/security/pam_listfile.so: cannot open shared object file: No such file or directory]
PAM adding faulty module: /lib/security/pam_listfile.so
PAM unable to dlopen(/lib/security/pam_pwdb.so)
PAM [dlerror: /lib/security/pam_pwdb.so: cannot open shared object file: No such file or directory]
PAM adding faulty module: /lib/security/pam_pwdb.so

It’s normal as all *.so files for pam are in /lib64/security/ rather than /lib/security

Is it safe to symlink /lib64/security to /lib/security?

Something like

ln -sfd /lib64/security /lib/security

The only thing is that in /lib/security I have a file (poor alone file)
-pam_ccreds.so

I could copy it to /lib64/security first then do the symlink

What do you think about this?
Have you already encountered this problem?

You can often install both 32 and 64 bit versions of libs/binaries, Pascal. So I’d check for the 32 bit versions of the libs you need before symlinking, as symlinking may confuse programs that are expecting a 32 bit lib in /lib/security.

Chris

Thanks Chris

I understand well.

So in this case, is it all the 32-bit PAM libs that I have to install?

Here are all the pam rpms installed.

pam-0.77-66.14
pam_passwdqc-0.7.5-2
pam_ccreds-1-3
pam_smb-1.1.7-5
pam_krb5-2.1.8-1

pam_ccreds-1-3 should be 32 bits (as it was the only one in lib/security/)

These PAM errors appear when there is an authentication error in PROFTPD only.

I’m not sure which 32 bits libs/bin I have to install ? All others pam rpms ?

For example

[root@obiwan ~]# yum list pam-0.77-66.14
Setting up repositories
Reading repository metadata in from local files
Installed Packages
pam.x86_64 0.77-66.14 installed
Available Packages
pam.i386 0.77-66.14 base

Can I install this 32-bit pam safely, knowing it will also install the dependencies?

=============================================================================
 Package           Arch    Version         Repository    Size
=============================================================================
Installing:
 pam               i386    0.77-66.14      base          1.8 M
Installing for dependencies:
 audit-libs        i386    1.0.12-1.EL4    base           33 k
 cracklib          i386    2.7-29          base           26 k
 cracklib-dicts    i386    2.7-29          base          1.3 M
 glib2             i386    2.4.7-1         base          476 k

Pascal

In fact the conf for ftp in /etc/pam.d/ links all *.so files to /lib and not /lib64

In fact it’s true for ALL conf pam files
The result of “grep -r lib64 /etc/pam.d” is empty

So basically it means that even if I have the 64-bit pam installed, the conf files for pam still look in /lib/ rather than /lib64

About proftpd what is the best solution ?

  • update /etc/pam.d/ftp to point to /lib64 lib
  • Install all 32bits pam rpms ?

And for all others ?

Pascal

erfff?

I didn't write ALL these posts. I promise you. Just one. I don't know what happened. I’m going to delete all these posts

Pascal

Hello

I have installed all pam 32 bits shared objects. So now I have in /lib/security/ the needed files.

But I still have the same error

PAM unable to dlopen(/lib/security/pam_listfile.so)
PAM [dlerror: /lib/security/pam_listfile.so: cannot open shared object file: No such file or directory]
PAM adding faulty module: /lib/security/pam_listfile.so
PAM unable to dlopen(/lib/security/pam_pwdb.so)
PAM [dlerror: /lib/security/pam_pwdb.so: cannot open shared object file: No such file or directory]
PAM adding faulty module: /lib/security/pam_pwdb.so

/lib/security/pam_listfile.so exists and has these auth

ls -al /lib/security/


-rwxr-xr-x  1 root root  15656 Jan  1 23:08 pam_listfile.so

Here are the pam rpms installed

pam-0.77-66.14
pam-0.77-66.14
pam_ccreds-1-3
pam_ccreds-1-3
pam_passwdqc-0.7.5-2
pam_smb-1.1.7-5
pam_krb5-2.1.8-1
pam_smb-1.1.7-5
pam_krb5-2.1.8-1
pam_passwdqc-0.7.5-2

They are all listed twice because there are the x86 and 32 bits versions

Any ideas why I still have these errors ?

Thanks

Pascal
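
The check the posts above keep circling (which absolute module paths the files in /etc/pam.d name, whether each file exists, and whether it is a 32-bit or 64-bit object), as an added example that is not part of the original thread. The function names and the sample tree built by make_sample are constructed for illustration; on a real box run the script with /etc/pam.d as its argument.

```shell
#!/bin/sh
# Added example: audit the absolute module paths named in a PAM config directory.

# elf_class FILE -> prints ELF32, ELF64 or NOT-ELF from the file header.
elf_class() {
    # Bytes 0-3 are the magic 0x7f 'E' 'L' 'F'; byte 4 (EI_CLASS) is 1 = 32-bit, 2 = 64-bit.
    set -- $(od -An -tu1 -N5 "$1" 2>/dev/null)
    [ "$1 $2 $3 $4" = "127 69 76 70" ] || { echo NOT-ELF; return; }
    case "$5" in
        1) echo ELF32 ;;
        2) echo ELF64 ;;
        *) echo NOT-ELF ;;
    esac
}

# pam_module_audit DIR -> one line per referenced module: "<config>: <path> <status>"
pam_module_audit() {
    for conf in "$1"/*; do
        [ -f "$conf" ] || continue
        # Drop comments, then keep every word that is an absolute path ending in .so
        sed 's/#.*//' "$conf" |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\/.*\.so$/) print $i }' |
        while read -r mod; do
            case "$mod" in
                *'$'*) status=VARIABLE ;;  # path holds a variable this script does not expand
                *) if [ -e "$mod" ]; then status=$(elf_class "$mod"); else status=MISSING; fi ;;
            esac
            echo "${conf##*/}: $mod $status"
        done
    done
}

# make_sample DIR -> constructed config dir plus two header-only stub modules (dry run).
make_sample() {
    mkdir -p "$1/pam.d" "$1/lib/security" "$1/lib64/security"
    printf '\177ELF\001' > "$1/lib/security/pam_ccreds.so"      # 32-bit header stub
    printf '\177ELF\002' > "$1/lib64/security/pam_listfile.so"  # 64-bit header stub
    cat > "$1/pam.d/ftp" <<EOF
# constructed sample, not the poster's real file
auth required $1/lib/security/pam_listfile.so item=user sense=deny
auth required $1/lib/security/pam_ccreds.so
auth required $1/lib64/security/pam_listfile.so
EOF
}

# Stand-alone use: pass the config directory to audit, e.g. /etc/pam.d
if [ "$#" -gt 0 ]; then pam_module_audit "$1"; fi
```

A MISSING line means the config names a path that is not there (or a dangling symlink); an ELF32 line on a box whose daemon is 64-bit marks a module that process cannot load.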

I’d try stracing the process that is throwing the error so you can see what exact system calls are occurring, Pascal. You can attach to a running process if it’s a daemon by doing:

strace -p <proc id>

Chris

Hi Chris

Thanks for your answer

Yes, but as this does not happen every time, it is very difficult for me to do an strace at the right time :-p

I have already tried to strace the pid and all following pids and write the trace to a log, but apparently it was not the right time :wink:

Anyway, I’ll retry

strace -f -p <pid id> -o outfile

Pascal