From owner-freebsd-stable@FreeBSD.ORG Mon Sep 24 07:02:38 2007 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C6F5F16A418 for ; Mon, 24 Sep 2007 07:02:38 +0000 (UTC) (envelope-from richard@unixguru.nl) Received: from mx1.unixguru.nl (mx1.unixguru.nl [77.37.12.119]) by mx1.freebsd.org (Postfix) with ESMTP id 4E1C213C457 for ; Mon, 24 Sep 2007 07:02:38 +0000 (UTC) (envelope-from richard@unixguru.nl) Received: from localhost (localhost [127.0.0.1]) by mx1.unixguru.nl (Postfix) with ESMTP id E07AC1F593; Mon, 24 Sep 2007 08:32:12 +0200 (CEST) Received: from mx1.unixguru.nl ([77.37.12.119]) by localhost (vs8916.vserver4free.de [77.37.12.119]) (amavisd-new, port 10024) with ESMTP id 8WsjtaLSgVpf; Mon, 24 Sep 2007 08:32:08 +0200 (CEST) Received: from mail.unixguru.nl (www.unixguru.nl [212.120.92.81]) by mx1.unixguru.nl (Postfix) with ESMTP id 6167E1F4FD; Mon, 24 Sep 2007 08:32:08 +0200 (CEST) Received: from localhost (shell.unixguru.nl [192.168.10.20]) by mail.unixguru.nl (Postfix) with ESMTP id 846A91144F; Mon, 24 Sep 2007 08:31:28 +0200 (CEST) Date: Mon, 24 Sep 2007 08:31:28 +0200 From: Richard Arends To: Victor Star Message-ID: <20070924063127.GB37371@shell.unixguru.nl> References: <762964378.20070923221850@victorstar.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <762964378.20070923221850@victorstar.com> User-Agent: Mutt/1.4.2.3i Cc: freebsd-stable@freebsd.org Subject: Re: in openpam_load_module(): no pam_unix.so found X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Sep 2007 07:02:38 -0000 On Sun, Sep 23, 2007 at 10:18:50PM -0400, Victor Star wrote: Victor, > My problem is that few days ago PAM somehow got corrupted or something. Basically I can't login neither through ssh or console. The error is: > > ====- 8< -=================================================== > su: in openpam_load_module(): no pam_unix.so found > su: pam_start: system error > ====- 8< -=================================================== > > pam_unix.so is in /usr/lib: > ====- 8< -=================================================== > # ls -l /usr/lib/pam_unix* > lrwxr-xr-x 1 root wheel 13 Sep 25 2006 /usr/lib/pam_unix.so -> pam_unix.so.3 > -r--r--r-- 1 root wheel 10240 Feb 19 2007 /usr/lib/pam_unix.so.3 > # file /usr/lib/pam_unix.so > /usr/lib/pam_unix.so: symbolic link to `pam_unix.so.3' > ====- 8< -=================================================== First, this is how a problem should be described, great work. When openpam can't load a module, it also print's the 'not found' message. With 'ldd /usr/lib/pam_unix.so.3' you can see if all the libraries that it needs are in place. On my systems it give's the following output: $ ldd /usr/lib/pam_unix.so.3 /usr/lib/pam_unix.so.3: libutil.so.5 => /lib/libutil.so.5 (0x28169000) libcrypt.so.3 => /lib/libcrypt.so.3 (0x28175000) libypclnt.so.2 => /usr/lib/libypclnt.so.2 (0x2818d000) libpam.so.3 => /usr/lib/libpam.so.3 (0x28191000) > ====- 8< -=================================================== > Sep 18 11:11:37 xxxxxx su: BAD SU to root on /dev/ttyp3 > Sep 18 11:13:46 xxxxxx sshd[45047]: Bad protocol version identification '\377\364\377\375\006quit' from > Sep 18 11:15:08 xxxxxx sshd[45056]: Received disconnect from : 2: Bad packet length 710099706. > ====- 8< -=================================================== The first line is probably the result of the broken pam_unix.so, the other two lines look to me as ssh bruteforce attacks. But, when did it stopped working. Did you tried to update the world or something like that? -- Regards, Richard.