Linux-PAM: update from 1.3.0 to 1.5.2 #2755

niclas · 2022-10-10T14:58:54Z

No description provided.

wwwutz · 2022-10-20T10:12:34Z

see discussion under #2725

donald · 2023-04-05T12:53:24Z

Upgrade is dangerous, because running processes, which use pam, have old /usr/lib/libpam.so.0.84.2 in memory but when they do something with it, a child will dlopen the new pam_XXX.so modules and nobody knows if these are compatible.

Processes sitting on the old libpam.so: systemd (system&user), crond, saslauthd, sshd, sd-pam (in systemd user sessions), probably more on workstations.

A simple bee update Linux-PAM seems to break saslauthd (used, for example, by imap, elager)_

root@dose:/etc/pam.d# testsaslauthd -u molgen -p XXX
0: NO "authentication failed"
root@dose:/etc/pam.d# tail /var/log/messages
2023-04-05T14:45:01+02:00 dose  sshd[8202]: error: Unable to load host key: /etc/ssh/ssh_host_ed25519_key
2023-04-05T14:45:01+02:00 dose  sshd[8202]: pam_access(sshd:account): warning: cannot open /etc/security/access.conf: No such file or directory
2023-04-05T14:45:01+02:00 dose  sshd[8202]: Accepted publickey for buczek from 141.14.31.7 port 49700 ssh2: ED25519 SHA256:zMK/+6RSIEdR6cdKQ+ntt7MaR/dS2YLhKWpGpCcj7TQ
2023-04-05T14:45:01+02:00 dose  sshd[8202]: pam_unix(sshd:session): session opened for user buczek(uid=125) by (uid=0)
2023-04-05T14:47:50+02:00 dose  saslauthd[379]: PAM unable to dlopen(/usr/lib/security/pam_unix.so): /usr/lib/libpam.so.0: version `LIBPAM_MODUTIL_1.3.2' not found (required by /usr/lib/security/pam_unix.so)
2023-04-05T14:47:50+02:00 dose  saslauthd[379]: PAM adding faulty module: /usr/lib/security/pam_unix.so
2023-04-05T14:47:50+02:00 dose  saslauthd[379]: DEBUG: auth_pam: pam_authenticate failed: Module is unknown
2023-04-05T14:47:50+02:00 dose  saslauthd[379]:                 : auth failure: [user=molgen] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
2023-04-05T14:47:55+02:00 dose  automount[597]: expiring path /src/mariux
2023-04-05T14:47:55+02:00 dose  automount[597]: expired /src/mariux
root@dose:/etc/pam.d#

Works again after systemctl restart cyrus-sasl.

When user sessions ends:

2023-04-05T14:51:05+02:00 dose  systemd: PAM unable to dlopen(/usr/lib/security/pam_unix.so): /usr/lib/libpam.so.0: version `LIBPAM_MODUTIL_1.3.2' not found (required by /usr/lib/security/pam_unix.so)
2023-04-05T14:51:05+02:00 dose  systemd: PAM adding faulty module: /usr/lib/security/pam_unix.so

Hmmm.....

Linux-PAM: update from 1.3.0 to 1.5.2

a32f6e6

wwwutz added the needs more testing label Oct 20, 2022

Linux-PAM: update from 1.3.0 to 1.5.2 #2755

Linux-PAM: update from 1.3.0 to 1.5.2 #2755

niclas commented Oct 10, 2022

wwwutz commented Oct 20, 2022

donald commented Apr 5, 2023 •

edited

Linux-PAM: update from 1.3.0 to 1.5.2 #2755

Are you sure you want to change the base?

Linux-PAM: update from 1.3.0 to 1.5.2 #2755

Conversation

niclas commented Oct 10, 2022

wwwutz commented Oct 20, 2022

donald commented Apr 5, 2023 • edited

donald commented Apr 5, 2023 •

edited