Ubuntu
openssh package

ssh: in i include pam_access module i get unresolved simbols and i coudn't login

Bug #9936 reported by Debian Bug Importer
6
Affects Status Importance Assigned to Milestone
openssh (Debian)
Fix Released
Unknown
openssh (Ubuntu)
Invalid
High
Colin Watson

Bug Description

Automatically imported from Debian bug report #279857 http://bugs.debian.org/279857

See original description
Revision history for this message
Debian Bug Importer (debzilla) wrote :

Automatically imported from Debian bug report #279857 http://bugs.debian.org/279857

Revision history for this message
Debian Bug Importer (debzilla) wrote :
Download full text (4.1 KiB)

Message-ID: <email address hidden>
Date: Fri, 5 Nov 2004 12:44:01 +0100 (CET)
From: "Joan Carles Soler"<email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: ssh: in i include pam_access module i get unresolved simbols and i coudn't login

Package: ssh=20
Version: 1:3.8.1p1-8.sarge.2=20
Severity: grave=20
Justification: renders package unusable=20
Tags: security=20
=20
if i include pam_access module i get unresolved simbols and i=20
coudn't =20
loguin. This is a severity problem for as=20
because whe have ours users in a ldap directori and only the users=20
of =20
a specified group whoud acces the server.=20
=20
---=20
auth.log----------------------------------------------------------=20
--------------------=20
Nov 5 09:27:40 emsrv sshd[2678]: PAM unable to resolve symbol: =20
pam_sm_authenticate=20
Nov 5 09:27:40 emsrv sshd[2678]: PAM unable to resolve symbol: =20
pam_sm_setcred=20
Nov 5 09:27:45 emsrv sshd[2678]: error: PAM: Module is unknown for =20
jsoler from emsrv=20
=20
--- /etc/pam.d/ssh=20
---------------------------------------------------=20
--------------------=20
# PAM configuration for the Secure Shell service=20
=20
# Disallow non-root logins when /etc/nologin exists.=20
auth required pam_nologin.so=20
=20
# Read environment variables from /etc/environment and=20
# /etc/security/pam_env.conf.=20
auth required pam_env.so # [1]=20
=20
# Standard Un*x authentication.=20
auth required pam_access.so=20
@include common-auth=20
=20
# Standard Un*x authorization.=20
@include common-account=20
=20
# Standard Un*x session setup and teardown.=20
@include common-session=20
=20
# Print the message of the day upon successful login.=20
session optional pam_motd.so # [1]=20
=20
# Print the status of the user's mailbox upon successful login.=20
session optional pam_mail.so standard noenv # [1]=20
=20
# Set up user limits from /etc/security/limits.conf.=20
session required pam_limits.so=20
# Standard Un*x password updating.=20
@include common-password=20
=20
--- /etc/security/access.conf=20
----------------------------------------=20
-------------------------------------=20
# Sols es poden connectar el usuaris autoritzats=20
# Joan Carles Soler 18/10/2001=20
+: root :ALL=20
+: pharusuv-l :ALL=20
+: insauv-l :ALL=20
+: scsiuv-l :ALL=20
#+: siuv-l :ALL=20
+: emsrv :ALL=20
-: ALL EXCEPT LOCAL:ALL=20
----------------------------------------------------------------------=20
---------=20
NOTE: pharusuv-l insauv-l scsiuv-l ... are groups in our ldap system =20
too=20
=20
=20
=20
-- System Information:=20
Debian Release: 3.1=20
  APT prefers testing=20
  APT policy: (101, 'testing')=20
Architecture: i386 (i686)=20
Kernel: Linux 2.6.5-1-686-smp=20
Locale: LANG=3Des_ES@euro, LC_CTYPE=3Des_ES@euro (ignored: LC_ALL set to =
=20
es_ES@euro)=20
=20
Versions of packages ssh depends on:=20
ii adduser 3.59 Add and remove users=20
and =20
groups=20
ii debconf 1.4.30.8 Debian configuration =20
management sy=20
ii dpkg 1.10.23 Package maintenance =20
system for Deb=20
ii libc6 ...

Read more...

Revision history for this message
In , Colin Watson (cjwatson) wrote : Re: Bug#279857: ssh: in i include pam_access module i get unresolved simbols and i coudn't login

On Fri, Nov 05, 2004 at 12:44:01PM +0100, Joan Carles Soler wrote:
> if i include pam_access module i get unresolved simbols and i coudn't
> loguin. This is a severity problem for as because whe have ours users
> in a ldap directori and only the users of a specified group whoud
> acces the server.
>
> ---
> auth.log----------------------------------------------------------
> --------------------
> Nov 5 09:27:40 emsrv sshd[2678]: PAM unable to resolve symbol:
> pam_sm_authenticate
> Nov 5 09:27:40 emsrv sshd[2678]: PAM unable to resolve symbol:
> pam_sm_setcred
> Nov 5 09:27:45 emsrv sshd[2678]: error: PAM: Module is unknown for
> jsoler from emsrv
>
> --- /etc/pam.d/ssh
> ---------------------------------------------------
> --------------------
> # PAM configuration for the Secure Shell service
>
> # Disallow non-root logins when /etc/nologin exists.
> auth required pam_nologin.so
>
> # Read environment variables from /etc/environment and
> # /etc/security/pam_env.conf.
> auth required pam_env.so # [1]
>
> # Standard Un*x authentication.
> auth required pam_access.so
> @include common-auth

You can't use pam_access for auth; it only provides the account
management group. Install libpam-doc and see:

  /usr/share/doc/libpam-doc/html/pam-6.html#ss6.1

Since the module can't handle auth, it fails; since you've designated it
as required, the whole authentication fails.

--
Colin Watson [<email address hidden>]

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Fri, 5 Nov 2004 12:34:29 +0000
From: Colin Watson <email address hidden>
To: <email address hidden>
Subject: Re: Bug#279857: ssh: in i include pam_access module i get unresolved simbols and i coudn't
 login

On Fri, Nov 05, 2004 at 12:44:01PM +0100, Joan Carles Soler wrote:
> if i include pam_access module i get unresolved simbols and i coudn't
> loguin. This is a severity problem for as because whe have ours users
> in a ldap directori and only the users of a specified group whoud
> acces the server.
>
> ---
> auth.log----------------------------------------------------------
> --------------------
> Nov 5 09:27:40 emsrv sshd[2678]: PAM unable to resolve symbol:
> pam_sm_authenticate
> Nov 5 09:27:40 emsrv sshd[2678]: PAM unable to resolve symbol:
> pam_sm_setcred
> Nov 5 09:27:45 emsrv sshd[2678]: error: PAM: Module is unknown for
> jsoler from emsrv
>
> --- /etc/pam.d/ssh
> ---------------------------------------------------
> --------------------
> # PAM configuration for the Secure Shell service
>
> # Disallow non-root logins when /etc/nologin exists.
> auth required pam_nologin.so
>
> # Read environment variables from /etc/environment and
> # /etc/security/pam_env.conf.
> auth required pam_env.so # [1]
>
> # Standard Un*x authentication.
> auth required pam_access.so
> @include common-auth

You can't use pam_access for auth; it only provides the account
management group. Install libpam-doc and see:

  /usr/share/doc/libpam-doc/html/pam-6.html#ss6.1

Since the module can't handle auth, it fails; since you've designated it
as required, the whole authentication fails.

--
Colin Watson [<email address hidden>]

Revision history for this message
In , Matt Zimmerman (mdz) wrote :

tags 279857 - security
thanks

--
 - mdz

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Fri, 5 Nov 2004 08:05:29 -0800
From: Matt Zimmerman <email address hidden>
To: <email address hidden>
Subject: Re: Bug#279857: ssh: in i include pam_access module i get unresolved simbols and i coudn't
 login

tags 279857 - security
thanks

--
 - mdz

Revision history for this message
Colin Watson (cjwatson) wrote :

PAM configuration error; not a bug.

Bug Watch Updater (bug-watch-updater)
Changed in openssh:
status: Unknown → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.