Date: Mon, 24 Sep 2007 08:31:28 +0200 From: Richard Arends <richard@unixguru.nl> To: Victor Star <freebsd@victorstar.com> Cc: freebsd-stable@freebsd.org Subject: Re: in openpam_load_module(): no pam_unix.so found Message-ID: <20070924063127.GB37371@shell.unixguru.nl> In-Reply-To: <762964378.20070923221850@victorstar.com> References: <762964378.20070923221850@victorstar.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Sep 23, 2007 at 10:18:50PM -0400, Victor Star wrote:
Victor,
> My problem is that few days ago PAM somehow got corrupted or something. Basically I can't login neither through ssh or console. The error is:
>
> ====- 8< -===================================================
> su: in openpam_load_module(): no pam_unix.so found
> su: pam_start: system error
> ====- 8< -===================================================
>
> pam_unix.so is in /usr/lib:
> ====- 8< -===================================================
> # ls -l /usr/lib/pam_unix*
> lrwxr-xr-x 1 root wheel 13 Sep 25 2006 /usr/lib/pam_unix.so -> pam_unix.so.3
> -r--r--r-- 1 root wheel 10240 Feb 19 2007 /usr/lib/pam_unix.so.3
> # file /usr/lib/pam_unix.so
> /usr/lib/pam_unix.so: symbolic link to `pam_unix.so.3'
> ====- 8< -===================================================
First, this is how a problem should be described, great work.
When openpam can't load a module, it also print's the 'not found' message.
With 'ldd /usr/lib/pam_unix.so.3' you can see if all the libraries that
it needs are in place. On my systems it give's the following output:
$ ldd /usr/lib/pam_unix.so.3
/usr/lib/pam_unix.so.3:
libutil.so.5 => /lib/libutil.so.5 (0x28169000)
libcrypt.so.3 => /lib/libcrypt.so.3 (0x28175000)
libypclnt.so.2 => /usr/lib/libypclnt.so.2 (0x2818d000)
libpam.so.3 => /usr/lib/libpam.so.3 (0x28191000)
> ====- 8< -===================================================
> Sep 18 11:11:37 xxxxxx su: BAD SU <myloginname> to root on /dev/ttyp3
> Sep 18 11:13:46 xxxxxx sshd[45047]: Bad protocol version identification '\377\364\377\375\006quit' from <some ip here>
> Sep 18 11:15:08 xxxxxx sshd[45056]: Received disconnect from <some ip here>: 2: Bad packet length 710099706.
> ====- 8< -===================================================
The first line is probably the result of the broken pam_unix.so, the
other two lines look to me as ssh bruteforce attacks.
But, when did it stopped working. Did you tried to update the world or something like that?
--
Regards,
Richard.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070924063127.GB37371>