[Vmware-package-maintainers] Bug#440871: pam authentication of vmware-authd fails on amd64
Benjamin E. Schallar
benjamin.luga at schallar.com
Tue Sep 4 22:40:39 UTC 2007
Package: vmware-package
Version: 0.12
Severity: wishlist
--- Please enter the report below this line. ---
Using the configuration for vmware-authd from /etc/pam.d/vmware-authd as
built by vmware-package fails to authenticate users on amd64 with vmware
server 1.0.3 using the vmware any-any patchset v113.
Steps to reproduce:
Authenticating using e.g. vmware-server-console from a remote machine
produces the following output in /var/log/auth.log:
(date, time, hostname and application name - the latter being
vmware-authd - were cut off to increase readability)
> PAM unable to dlopen(/usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix2.so)
> PAM [error: /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix2.so: cannot open shared object file: No such file or directory]
> PAM adding faulty module: /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix2.so
> PAM (other) illegal module type: @include
> PAM pam_parse: expecting return value; [...common-auth]
> PAM (other) no module name supplied
> PAM unable to dlopen(<*unknown module path*>)
> PAM [error: <*unknown module path*>: cannot open shared object file: No such file or directory]
> PAM adding faulty module: <*unknown module path*>
> PAM (other) illegal module type: @include
> PAM pam_parse: expecting return value; [...common-account]
> PAM (other) no module name supplied
> PAM (other) illegal module type: @include
> PAM pam_parse: expecting return value; [...common-password]
> PAM (other) no module name supplied
> PAM (other) illegal module type: @include
> PAM pam_parse: expecting return value; [...common-session]
> PAM (other) no module name supplied
This is due to the default /etc/pam.d/vmware-authd configuration:
> #%PAM-1.0
> auth required /lib/security/pam_unix_auth.so shadow nullok
> account required /lib/security/pam_unix_acct.so
Changing it to use the system pam library makes it fail as well due to
the 32bit nature of the vmware-authd binary - on amd64 at least.
Suggested fix:
This problem can be solved using the pam libraries shipped with vmware
server, as suggested in [
http://ubuntuforums.org/showthread.php?t=426026 ], using the following
lines in /etc/pam.d/vmware-authd:
> #%PAM-1.0
> auth sufficient /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix2.so shadow null ok
> auth required /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix_auth.so shadow nullok
> account sufficient /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix2.so
> account required /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix_acct.so
--- System information. ---
Debian Release: 4.0
APT prefers stable
APT policy: (800, 'stable'), (750, 'stable'), (500, 'testing')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.22-1-amd64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
--- Package information. ---
Depends (Version) | Installed
===============================-+-===========
ii bzip2 1.0.3-6 high-quality block-sorting file co
ii debhelper 5.0.42 helper programs for debian/rules
ii dpkg-dev 1.13.25 package building tools for Debian
ii fakeroot 1.5.10 Gives a fake root environment
ii file 4.17-5etch2 Determines file type using "magic"
ii make 3.81-2 The GNU version of the "make" util
ii module-assistant 0.10.8 tool to make module package creati
ii python 2.4.4-2 An interactive high-level object-o
More information about the Vmware-package-maintainers
mailing list