2007-09-12

Installing PAM package on NetBSD a bad idea?

While installing and testing the RoundCube Web-mail system on my NetBSD-based Web server and network router, I found myself unable to shut down Apache (even with kill -9). Eventually I relented and restarted the OS, ruining my uptime of about 160 days in the process.

When the system came back up, I couldn’t log in! After entering the username, I just got returned to the login prompt after the following rudeness:

login: Undefined PLT symbol "openpam_ttyconv (symnum=47)"

The kernel messages also included something like:

PAM unable to dlopen(/usr/pkg/lib/security/pam_cracklib.so)

Network access to the machine seemed to be down as well. Not the best scenario for trying to fix anything!

A reboot into single-user mode (-s kernel bootloader option) or two later, and some fun trying to research and resolve the problem with my main network router out of action(!), and I discovered that networking was OK after all, and I could ssh in and try to fix things.

It seems installing the PAM pluggable authentication modules system from pkgsrc was the culprit. I can’t remember when or why in the last 160 days I did this, but apparently I did, and it didn’t cause any problems until the recent reboot. It seems the login program was being dynamically linked to the PAM library from the package, not the main system one (which apparently already existed). With the extra PAM package installed, ldd /usr/bin/login showed that it was linking to /usr/pkg/lib/libpam.so.0, which didn't work. After uninstalling the extra PAM package, it was linked instead to /usr/lib/libpam.so.0, which worked fine.

AFAICT, there are two PAM libraries in pkgsrc, in addition to the main system one: openpam and Linux PAM (I think the one I had installed was the Linux one, PAM-0.77nb5).
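The ldd check described above can be run before a reboot rather than after one. The script below is an added example, not part of the original post: it reads ldd output and reports any libpam that resolves outside the base system. The function names, the sample ldd output (constructed, including its library version numbers) and the choice of /lib and /usr/lib as the base-system prefixes are assumptions.

```shell
#!/bin/sh
# Added example: flag binaries whose libpam resolves outside the base system.
# Assumption: base-system libraries live under /lib or /usr/lib.

# Reads ldd output on stdin. Prints every resolved libpam path that is not
# under /lib or /usr/lib and returns 1 if any was found, 0 otherwise.
check_libpam() {
    awk '
        /=>/ && /libpam\.so/ {
            path = ""
            # The resolved path is the field right after "=>".
            for (i = 1; i < NF; i++) if ($i == "=>") path = $(i + 1)
            if (path !~ /^\/(usr\/)?lib\//) { print path; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Runs ldd on each binary given and warns about foreign libpam bindings.
audit() {
    status=0
    for bin in "$@"; do
        [ -x "$bin" ] || continue
        if ! found=$(ldd "$bin" 2>/dev/null | check_libpam); then
            echo "WARNING: $bin binds to $found"
            status=1
        fi
    done
    return $status
}

# Constructed sample ldd output: the broken state and the repaired state.
SAMPLE_BAD='/usr/bin/login:
	-lutil.7 => /usr/lib/libutil.so.7
	-lpam.0 => /usr/pkg/lib/libpam.so.0
	-lc.12 => /usr/lib/libc.so.12'
SAMPLE_GOOD='/usr/bin/login:
	-lutil.7 => /usr/lib/libutil.so.7
	-lpam.0 => /usr/lib/libpam.so.0
	-lc.12 => /usr/lib/libc.so.12'

# Usage: sh script.sh /usr/bin/login /usr/bin/su /usr/sbin/sshd
if [ "$#" -gt 0 ]; then
    audit "$@"
fi
```

Running it after every package install or upgrade catches a changed binding while the existing login sessions are still usable.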
