Re: Recent PAM Upgrade

To: Debian Testing List <debian-testing@lists.debian.org>
Subject: Re: Recent PAM Upgrade
From: Paul Hampson <Paul.Hampson@anu.edu.au>
Date: Sun, 16 Mar 2003 12:21:29 +1100
Message-id: <20030316012129.GA21004@keitarou.bubblesworth.net>
Mail-followup-to: Debian Testing List <debian-testing@lists.debian.org>
In-reply-to: <3E712447.2030707@cobalt.physemp.com>
References: <3E712447.2030707@cobalt.physemp.com>

On Thu, Mar 13, 2003 at 06:37:27PM -0600, Christopher L. Everett wrote:
> After the latest updates, and restoring the /etc/pam.d/login and 
> /etc/pam.d/passwd
> files to the originals, I got this
> 
> Mar 14 16:30:25 chromium sshd[27831]: input_userauth_request: illegal user 
> root
> Mar 13 16:30:25 chromium sshd[27831]: PAM unable to 
> dlopen(/lib/security/pam_unix.so)
> Mar 13 16:30:25 chromium sshd[27831]: PAM [dlerror: /lib/libc.so.6: version 
> `GLIBC_2.3' not found (required by /lib/security/pam_unix.so)]
> Mar 13 16:30:25 chromium sshd[27831]: PAM adding faulty module: 
> /lib/security/pam_unix.so
> Mar 13 16:30:25 chromium sshd[27831]: Could not reverse map address 
> 207.177.51.238.
> Mar 13 16:30:25 chromium sshd[27831]: Failed none for illegal user root 
> from 207.177.51.238 port 53278 ssh2
> Mar 13 16:30:25 chromium sshd[27831]: Failed keyboard-interactive for 
> illegal user root from 207.177.51.238 port 53278 ssh2
> Mar 13 16:31:10 chromium sshd[27831]: Failed password for illegal user root 
> from 207.177.51.238 port 53278 ssh2
> Mar 13 16:31:43 chromium last message repeated 2 times
> Mar 13 16:31:43 chromium sshd[27831]: Connection closed by 207.177.51.238
> 
> /etc/passwd has root as the first entry.
> 
> moreover, the failed password message happens when I'm prompted for my 
> password, NOT after I
> type in the password and hit the <Enter> key.
> 
> Fortunately, everything started working after a '/etc/init.d/ssh restart'.
> 
> Needless to say, I was a touch freaked out ... This is on a server that I've
> got a very large investment in.
> 
> I was afraid of being forever locked out of that box, a major distaster.
> 
> WTH happened here?

Did the libc6 update recently not ask you to restart sshd? Or did
it ask you and you said no? If it's the former then it might be a
bug. If it's the latter, then you'll know better next time. :-)

The above looks like your PAM was upgraded to a version built against
glibc 2.3 but you libc hadn't been updated to that version. The fact
that restarting sshd fixed it implies to me that it _had_ been updated,
but ssh couldn't see it yet, which means sshd wasn't restarted in the
libc6 postinst...

-- 
-----------------------------------------------------------
Paul "TBBle" Hampson, MCSE
6th year CompSci/Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)
Paul.Hampson@Anu.edu.au

Of course Pacman didn't influence us as kids. If it did,
we'd be running around in darkened rooms, popping pills and
listening to repetitive music.
 -- Kristian Wilson, Nintendo, Inc, 1989

This email is licensed to the recipient for non-commercial
use, duplication and distribution.
-----------------------------------------------------------

Attachment: pgpM43zBr5lnU.pgp
Description: PGP signature

Reply to:

References:
- Recent PAM Upgrade
  - From: "Christopher L. Everett" <ceverett@cobalt.physemp.com>

Prev by Date: happy forever
Next by Date: Gkt apps crash when copy/paste
Previous by thread: Re: Recent PAM Upgrade
Next by thread: happy forever
Index(es):
- Date
- Thread