Pam-list Digest, Vol 23, Issue 1

Andreas Schindler schindler at az1.de
Mon Jan 2 10:37:07 UTC 2006 

pam-list-request at redhat.com wrote:

> To:
> pam-list at redhat.com
> 
> 
> Hi All,
> 
> Some time back i configured CVS to work with pam
> through pam_ldap.
> I am now trying the same on a different machine (This
> time on the same box as where i have LDAP setup).
> Things didn't work as well this time.
> 
> An strace of 'cvs login' shows
> 
> 22808 send(4, "<11>Jan  1 14:49:37 cvs: PAM unable to 
> dlopen(/usr/local/pam/lib/security/pam_ldap.so)", 91,
> 0) = 91
> 22808 rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
> 22808 time([1136107177])                = 1136107177
> 22808 rt_sigaction(SIGPIPE, {0x1d9450, [], 0},
> {SIG_DFL}, 8) = 0
> 22808 send(4, "<11>Jan  1 14:49:37 cvs: PAM [dlerror: 
> /usr/local/pam/lib/security/pam_ldap.so: undefined
> symbol: 
> ber_pvt_opt_on]", 118, 0) = 118
> 22808 rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
> 22808 time([1136107177])                = 1136107177
> 22808 rt_sigaction(SIGPIPE, {0x1d9450, [], 0},
> {SIG_DFL}, 8) = 0
> 22808 send(4, "<11>Jan  1 14:49:37 cvs: PAM adding
> faulty module: 
> /usr/local/pam/lib/security/pam_ldap.so", 95, 0) = 95
> 
> PAM then falls back to pam_deny.so as per my
> configuration. Googling gives no answers. Any idea
> what's wrong?
> 
> I use openldap 2.1.22 and pam_ldap-180
> 
> 
> Many thanks
> Vidya Chandrasekaran
> 
> 

Vidya,

this looks a if your pam_ldap module is linked against a shareable
library, which is different on the 2 machines in question.

I suggest you 'nm' all the libraries you are linking with your module
for the symblol 'ber_pvt_opt_on'. If found, just exchange the library's
link options with the static equivalence, as:

current:
	... -L /my/lib/path -l mylib	---> /my/lib/path/libmylib.so

static:
         ... /my/lib/path/libmylib.a


If that works, you have to clean up your shared lib installation and
copy the missing files to the 2nd machine (don't forget ldconfig!)

Regards Andreas
-- 
Dr.-Ing. Andreas Schindler

Alpha Zero One Computersysteme GmbH
Frankfurter Str. 141
63303 Dreieich

Telefon 06103-57187-21
Telefax 06103-373245

schindler at az1.de
www.az1.de

More information about the Pam-list mailing list