Bug#279857: marked as done (ssh: in i include pam_access module i get unresolved simbols and i coudn't login)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Fri, 5 Nov 2004 12:34:29 +0000
with message-id <20041105123428.GB9956@riva.ucam.org>
and subject line Bug#279857: ssh: in i include pam_access module i get unresolved simbols and i coudn't login
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 5 Nov 2004 11:44:36 +0000
>From Joan.Soler@uv.es Fri Nov 05 03:44:36 2004
Return-path: <Joan.Soler@uv.es>
Received: from postin.uv.es [147.156.1.90] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CQ2WB-00038k-00; Fri, 05 Nov 2004 03:44:36 -0800
Received: from sello.uv.es (sello.ci.uv.es [147.156.1.112])
	by postin.uv.es (8.12.11/8.12.11) with ESMTP id iA5Bi3xh028475
	for <submit@bugs.debian.org>; Fri, 5 Nov 2004 12:44:03 +0100
Received: from strogoff.uv.es (strogoff.ci.uv.es [147.156.1.92])
	(authenticated bits=0)
	by sello.uv.es (8.12.2/8.12.2) with ESMTP id iA5Bi0OV008187
	for <submit@bugs.debian.org>; Fri, 5 Nov 2004 12:44:01 +0100
From: "Joan Carles Soler"<Joan.Soler@uv.es>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ssh: in i include pam_access module i get unresolved simbols and i coudn't login
Date: Fri, 5 Nov 2004 12:44:01 +0100 (CET)
X-Real-Sender: jsoler@uv.es
X-Postman-SMTP-Auth: 1,1
X-Mailer: postman 2.1
MIME-Version: 1.0
Content-Type: text/plain;
	charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Message-ID: <[🔎] 2157271547jsoler@uv.es>
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-7.0 required=4.0 tests=BAYES_00,DATING,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: ssh=20
Version: 1:3.8.1p1-8.sarge.2=20
Severity: grave=20
Justification: renders package unusable=20
Tags: security=20
=20
if i include pam_access module i get unresolved simbols and i=20
coudn't =20
loguin. This is a severity problem for as=20
because whe have ours users in a ldap directori and only the users=20
of =20
a specified group whoud acces the server.=20
=20
---=20
auth.log----------------------------------------------------------=20
--------------------=20
Nov  5 09:27:40 emsrv sshd[2678]: PAM unable to resolve symbol: =20
pam_sm_authenticate=20
Nov  5 09:27:40 emsrv sshd[2678]: PAM unable to resolve symbol: =20
pam_sm_setcred=20
Nov  5 09:27:45 emsrv sshd[2678]: error: PAM: Module is unknown for =20
jsoler from emsrv=20
=20
--- /etc/pam.d/ssh=20
---------------------------------------------------=20
--------------------=20
# PAM configuration for the Secure Shell service=20
=20
# Disallow non-root logins when /etc/nologin exists.=20
auth       required     pam_nologin.so=20
=20
# Read environment variables from /etc/environment and=20
# /etc/security/pam_env.conf.=20
auth       required     pam_env.so # [1]=20
=20
# Standard Un*x authentication.=20
auth    required        pam_access.so=20
@include common-auth=20
=20
# Standard Un*x authorization.=20
@include common-account=20
=20
# Standard Un*x session setup and teardown.=20
@include common-session=20
=20
# Print the message of the day upon successful login.=20
session    optional     pam_motd.so # [1]=20
=20
# Print the status of the user's mailbox upon successful login.=20
session    optional     pam_mail.so standard noenv # [1]=20
=20
# Set up user limits from /etc/security/limits.conf.=20
session    required     pam_limits.so=20
# Standard Un*x password updating.=20
@include common-password=20
=20
--- /etc/security/access.conf=20
----------------------------------------=20
-------------------------------------=20
# Sols es poden connectar el usuaris autoritzats=20
# Joan Carles Soler 18/10/2001=20
+: root :ALL=20
+: pharusuv-l :ALL=20
+: insauv-l :ALL=20
+: scsiuv-l :ALL=20
#+: siuv-l :ALL=20
+: emsrv :ALL=20
-: ALL EXCEPT LOCAL:ALL=20
----------------------------------------------------------------------=20
---------=20
NOTE: pharusuv-l insauv-l scsiuv-l ... are groups in our ldap system =20
too=20
=20
=20
=20
-- System Information:=20
Debian Release: 3.1=20
  APT prefers testing=20
  APT policy: (101, 'testing')=20
Architecture: i386 (i686)=20
Kernel: Linux 2.6.5-1-686-smp=20
Locale: LANG=3Des_ES@euro, LC_CTYPE=3Des_ES@euro (ignored: LC_ALL set to =
=20
es_ES@euro)=20
=20
Versions of packages ssh depends on:=20
ii  adduser                     3.59         Add and remove users=20
and =20
groups=20
ii  debconf                     1.4.30.8     Debian configuration =20
management sy=20
ii  dpkg                        1.10.23      Package maintenance =20
system for Deb=20
ii  libc6                       2.3.2.ds1-18 GNU C Library: Shared =20
libraries an=20
ii  libpam-modules              0.76-22      Pluggable=20
Authentication =20
Modules f=20
ii  libpam-runtime              0.76-22      Runtime support for the =20
PAM librar=20
ii  libpam0g                    0.76-22      Pluggable=20
Authentication =20
Modules l=20
ii  libssl0.9.7                 0.9.7d-5     SSL shared libraries=20
ii  libwrap0                    7.6.dbs-6    Wietse Venema's TCP =20
wrappers libra=20
ii  zlib1g                      1:1.2.2-1    compression library - =20
runtime=20
=20
-- debconf information:=20
  ssh/insecure_rshd:=20
  ssh/privsep_ask: true=20
* ssh/user_environment_tell:=20
* ssh/forward_warning:=20
  ssh/insecure_telnetd:=20
  ssh/new_config: true=20
* ssh/use_old_init_script: true=20
* ssh/SUID_client: true=20
  ssh/disable_cr_auth: false=20
* ssh/privsep_tell:=20
  ssh/ssh2_keys_merged:=20
* ssh/protocol2_only: true=20
  ssh/encrypted_host_key_but_no_keygen:=20
* ssh/run_sshd: true=20
=20


---------------------------------------
Received: (at 279857-done) by bugs.debian.org; 5 Nov 2004 12:34:32 +0000
>From cjwatson@flatline.org.uk Fri Nov 05 04:34:32 2004
Return-path: <cjwatson@flatline.org.uk>
Received: from chiark.greenend.org.uk [193.201.200.170] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CQ3IW-0003dE-00; Fri, 05 Nov 2004 04:34:32 -0800
Received: from [192.168.124.112] (helo=riva.lab.dotat.at)
	by chiark.greenend.org.uk (Debian Exim 3.35 #1) with esmtp
	(return-path cjwatson@flatline.org.uk)
	id 1CQ3IT-0003mF-00
	for 279857-done@bugs.debian.org; Fri, 05 Nov 2004 12:34:29 +0000
Received: from cjwatson by riva.lab.dotat.at with local (Exim 3.35 #1 (Debian))
	for 279857-done@bugs.debian.org
	id 1CQ3IT-0002yf-00; Fri, 05 Nov 2004 12:34:29 +0000
Date: Fri, 5 Nov 2004 12:34:29 +0000
From: Colin Watson <cjwatson@debian.org>
To: 279857-done@bugs.debian.org
Subject: Re: Bug#279857: ssh: in i include pam_access module i get unresolved simbols and i coudn't login
Message-ID: <20041105123428.GB9956@riva.ucam.org>
References: <[🔎] 2157271547jsoler@uv.es>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[🔎] 2157271547jsoler@uv.es>
User-Agent: Mutt/1.3.28i
Delivered-To: 279857-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

On Fri, Nov 05, 2004 at 12:44:01PM +0100, Joan Carles Soler wrote:
> if i include pam_access module i get unresolved simbols and i coudn't
> loguin. This is a severity problem for as because whe have ours users
> in a ldap directori and only the users of  a specified group whoud
> acces the server. 
>  
> --- 
> auth.log---------------------------------------------------------- 
> -------------------- 
> Nov  5 09:27:40 emsrv sshd[2678]: PAM unable to resolve symbol:  
> pam_sm_authenticate 
> Nov  5 09:27:40 emsrv sshd[2678]: PAM unable to resolve symbol:  
> pam_sm_setcred 
> Nov  5 09:27:45 emsrv sshd[2678]: error: PAM: Module is unknown for  
> jsoler from emsrv 
>  
> --- /etc/pam.d/ssh 
> --------------------------------------------------- 
> -------------------- 
> # PAM configuration for the Secure Shell service 
>  
> # Disallow non-root logins when /etc/nologin exists. 
> auth       required     pam_nologin.so 
>  
> # Read environment variables from /etc/environment and 
> # /etc/security/pam_env.conf. 
> auth       required     pam_env.so # [1] 
>  
> # Standard Un*x authentication. 
> auth    required        pam_access.so 
> @include common-auth 

You can't use pam_access for auth; it only provides the account
management group. Install libpam-doc and see:

  /usr/share/doc/libpam-doc/html/pam-6.html#ss6.1

Since the module can't handle auth, it fails; since you've designated it
as required, the whole authentication fails.

-- 
Colin Watson                                       [cjwatson@debian.org]