Re: xdm/login: in openpam_check_path_owner_perms(): /usr/local/lib/pam_ldap.so.5 not found

From: Gleb Smirnoff <glebius_at_FreeBSD.org>
Date: Thu, 22 Dec 2011 19:59:13 +0400
On Wed, Dec 21, 2011 at 11:09:23PM +0100, Hartmann, O. wrote:
H> OS: FreeBSD 10.0-CURRENT/amd64 r228787
H> 
H> Since the last update of world yesterday were I managed to compile the
H> OS WITH_LIBCPLUSPLUS=YES in /etc/src.conf,
H> only root is capable to login on the console.
H> 
H> I use OpenLDAP 2.4 as the backend for usual users, having also an
H> "emergency" user installed in the local /etc/passwd just in case.
H> 
H> The problem is, I can not login via xdm or console login anymore as any
H> usual user, even not as a user residing in the local passwd file.
H> 
H> Trying to login as LDAP backed user, I get the error
H> SASL/DIGEST-MD5 authentication started
H> Login icorrect
H> 
H> Inspecting /var/log/auth.log reveals for this incident
H> 
H> login: in openpam_check_path_owner_perms():
H> /usr/local/lib/pam_ldap.so.5: No such file or directory
H> 
H> Trying tologin as a local (/etc/passwd backed) user gets
H> sometimes the same login issue, but sporadically I get a login but
H> landing in / instead of /home/user. /home is a ZFS volume.
H> 
H> I reinstalled pam_ldap, nss_ldap, openldap-sasl-server/client many times
H> now since I suspected a fault in compilation (everything is compiled via
H> CLANG), but I have no success.
H> 
H> /usr/local/lib/pam_ldap.so.5 does not exist, it is simply pam_ldap.so.
H> 
H> It seems, that the OS can not find the homes on the ZFS volume. Doing a
H> su - USER works for all LDAP users but not the local users, I receive
H> the error su: no directory. This is very strange. While su -  as root
H> does not work, login as such a failing user work, but as mentioned
H> without home.
H> 
H> The last thing I did on that box is: I recompiled yesterday evening
H> world, switched the box off. When I switched the box on today, I ran
H> into this issue.
H> 
H> I recompile the system without flag WITH_LIBCPLUSPLUS and see what is
H> happening. Do others also see this strange behaviour?

This is definitely due to libpam update. In my case, I also got messages:

openpam_check_path_owner_perms(): /usr/local/lib/pam_ldap.so.5: No such file or directory

But this doesn't prevent me from logging in. The new PAM code first
tries to dlopen() a library configured in /etc/pam.d with ".5" appended
to it, this is hardcoded. If failed, it dlopens the exact name from
configuration. So, the message is harmless itself - the pam_ldap.so
is opened successfully.

I suppose failure to login that you experience is related to another
fallout from the new PAM import.

-- 
Totus tuus, Glebius.
Received on Thu Dec 22 2011 - 14:59:15 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:22 UTC