From owner-freebsd-questions Sat Sep 21 12:18:46 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B1D0F37B401 for ; Sat, 21 Sep 2002 12:18:44 -0700 (PDT) Received: from smtp.ufl.edu (sp16en1.nerdc.ufl.edu [128.227.74.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id DC6E343E65 for ; Sat, 21 Sep 2002 12:18:43 -0700 (PDT) (envelope-from bob88@bobj.org) Received: from bobj.dyndns.org (cpe-gan-68-101-90-216-cmcpe.ncf.coxexpress.com [68.101.90.216]) (authenticated bits=0) by smtp.ufl.edu (8.12.6/8.12.6/2.4.0) with ESMTP id g8LJIbv6046742 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO); Sat, 21 Sep 2002 15:18:39 -0400 Content-Type: text/plain; charset="iso-8859-1" From: Bob Johnson To: jason , freebsd-questions@freebsd.org Subject: Re: pam is hosed! ;) Date: Sat, 21 Sep 2002 15:18:27 -0400 X-Mailer: KMail [version 1.4] References: <20020921134444.B83307-100000@monsterjam.org> In-Reply-To: <20020921134444.B83307-100000@monsterjam.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-Id: <200209211518.27542.bob88@bobj.org> X-Scanned-By: NERDC Open Systems Group (http://open-systems.ufl.edu/services/virus-scan/) Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Saturday 21 September 2002 01:56 pm, jason appears to have written: > running FreeBSD monsterjam.org 4.5-RC FreeBSD 4.5-RC #0: Sat Jan 26 > 00:52:46 EST 2002 =20 > root@monsterjam.org:/space/obj/usr/src/sys/ROLAND i386 and > everything has been running absolutely ducky for quite a while > monsterjam# uptime > 1:45PM up 237 days, 35 mins, 8 users, load averages: 0.16, 0.04, > 0.02 > > all of a sudden pam stops authenticating for my imap/pop3 users and > http users.. > I see all these messages in my /var/log/messages: > > Sep 21 13:23:22 monsterjam cupsd: unable to > dlopen(/lib/security/pam_unix.so) > Sep 21 13:23:22 monsterjam cupsd: [dlerror: Cannot open > "/lib/security/pam_unix.so"] > Sep 21 13:23:22 monsterjam cupsd: adding faulty module: > /lib/security/pam_unix.so > > Sep 20 22:35:36 monsterjam login: _pam_init_handlers: no default > config /etc/pam.d/other > Sep 20 22:35:36 monsterjam login: error reading PAM configuration > file Sep 20 22:35:36 monsterjam login: pam_start: failed to > initialize handlers Sep 20 22:35:36 monsterjam login: pam_start: > Critical error - immediate abort > > > Sep 21 08:40:58 monsterjam login: unable to > dlopen(/lib/security/pam_unix.so) > Sep 21 08:40:58 monsterjam login: [dlerror: Cannot open > "/lib/security/pam_unix.so"] > Sep 21 08:40:58 monsterjam login: adding faulty module: > /lib/security/pam_unix.so > Sep 21 08:40:58 monsterjam login: pam_authenticate: Module is unknown > > Ive searched google and cant seem to find out what they mean. > > looking at my system, pam_unix.so is in /usr/lib, not /lib/security > > monsterjam# locate pam_unix.so > /usr/lib/pam_unix.so > > regular telnet,ssh logins to the box work fine, just not imap, pop3, > http, what should I do? Tentatively, I'd say it looks like someone installed their own (Linux?)=20 version of PAM on your system in an effort to gain access. =20 What does "ls -l /etc/pam.conf" show, and what is in /etc/pam.conf? =20 Have you upgraded or installed anything at all recently? Also, have you kept up to date on security patches? =20 What does "last" show? - Bob > > regards, > Jason To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message