[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: dlerror: undefined symbol: yperr_string


On Sun, Sep 19, Carlo M. Arenas Belon wrote:

> > Hi!
> > 
> > I recently upgraded from SuSE 6.1 to 6.2 which features PAM now.
> > Yes, I know this is a RedHat list but please read on!
> this is a PAM list, AFAIK
> > Whenever su, passwd, login or probably some other commands are run, the
> > following errors are logged to syslog:
> whenever any PAM aware application is called, it looks for a pam
> configuration file on /etc/pam.d/*, i bet those utilities giving you
> problem use pam_unix_auth.so somewhere.
> > su: PAM unable to dlopen(/lib/security/pam_unix_auth.so)
> > su: PAM [dlerror: /lib/security/pam_unix_auth.so:
> > 		  undefined symbol: yperr_string]
> > su: PAM adding faulty module: /lib/security/pam_unix_auth.so
> pam_unix_auth.so is the security problem you'll need, check if there is
> any on /lib/security, if there isn't blame your packager.

It really seems we have make a mistake and pam_unix_auth.so is not linked
against libcrypt. But with the default SuSE Linux 6.2 configuration,
we uses the SuSE special pam_unix.so Module, not the pam_unix_*.so
Modules. Please change the configuration files back to the default.
The SuSE pam_unix module can do all the things pam_unix_*.so can do, too.
And contains a lot of more features.

> > Identical messages appear also for pam_unix_acct.so, pam_unix_passwd.so
> > and pam_unix_session.so.
> pam_unix are obsolete modules AFAIK, you should be using pam_pwdb, take a
> look to PAM documentation to help you build your pam configuration
> files.
> i bet SuSE should have upgraded tools that use pam_pwdb instead of
> pam_unix*, take a look to updated packages also

No, SuSE will not use pam_pwdb, it is broken from design. It ignores
/etc/nsswitch.conf (I haven't seen that this is fixed), NIS+ is not
possible with it and it has a lot of more flaws, too.
If I understand the code rigth it is even possible to read the password
entries from /etc/shadow with the helper program. The new helper program
from the new pam_unix implementation in Linux-PAM 0.68 doesn't allow
this and is much better. 


Thorsten Kukuk       http://www.suse.de/~kukuk/       kukuk@suse.de
SuSE GmbH            Schanzaeckerstr. 10            90443 Nuernberg
Linux is like a Vorlon.  It is incredibly powerful, gives terse,
cryptic answers and has a lot of things going on in the background.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []