Date: Sat, 21 Sep 2002 15:18:27 -0400 From: Bob Johnson <bob88@bobj.org> To: jason <jason@monsterjam.org>, freebsd-questions@freebsd.org Subject: Re: pam is hosed! ;) Message-ID: <200209211518.27542.bob88@bobj.org> In-Reply-To: <20020921134444.B83307-100000@monsterjam.org> References: <20020921134444.B83307-100000@monsterjam.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Saturday 21 September 2002 01:56 pm, jason appears to have written: > running FreeBSD monsterjam.org 4.5-RC FreeBSD 4.5-RC #0: Sat Jan 26 > 00:52:46 EST 2002 =20 > root@monsterjam.org:/space/obj/usr/src/sys/ROLAND i386 and > everything has been running absolutely ducky for quite a while > monsterjam# uptime > 1:45PM up 237 days, 35 mins, 8 users, load averages: 0.16, 0.04, > 0.02 > > all of a sudden pam stops authenticating for my imap/pop3 users and > http users.. > I see all these messages in my /var/log/messages: > > Sep 21 13:23:22 monsterjam cupsd: unable to > dlopen(/lib/security/pam_unix.so) > Sep 21 13:23:22 monsterjam cupsd: [dlerror: Cannot open > "/lib/security/pam_unix.so"] > Sep 21 13:23:22 monsterjam cupsd: adding faulty module: > /lib/security/pam_unix.so > > Sep 20 22:35:36 monsterjam login: _pam_init_handlers: no default > config /etc/pam.d/other > Sep 20 22:35:36 monsterjam login: error reading PAM configuration > file Sep 20 22:35:36 monsterjam login: pam_start: failed to > initialize handlers Sep 20 22:35:36 monsterjam login: pam_start: > Critical error - immediate abort > > > Sep 21 08:40:58 monsterjam login: unable to > dlopen(/lib/security/pam_unix.so) > Sep 21 08:40:58 monsterjam login: [dlerror: Cannot open > "/lib/security/pam_unix.so"] > Sep 21 08:40:58 monsterjam login: adding faulty module: > /lib/security/pam_unix.so > Sep 21 08:40:58 monsterjam login: pam_authenticate: Module is unknown > > Ive searched google and cant seem to find out what they mean. > > looking at my system, pam_unix.so is in /usr/lib, not /lib/security > > monsterjam# locate pam_unix.so > /usr/lib/pam_unix.so > > regular telnet,ssh logins to the box work fine, just not imap, pop3, > http, what should I do? Tentatively, I'd say it looks like someone installed their own (Linux?)=20 version of PAM on your system in an effort to gain access. =20 What does "ls -l /etc/pam.conf" show, and what is in /etc/pam.conf? =20 Have you upgraded or installed anything at all recently? Also, have you kept up to date on security patches? =20 What does "last" show? - Bob > > regards, > Jason To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200209211518.27542.bob88>