PAM unable to dlopen(/lib64/security/pam_fprintd.so) causing CentOS/Redhat server to crash
Jul 29 03:53:15 u######## su: PAM adding faulty module:
/lib64/security/pam_fprintd.so
It looks like a bug: https://bugzilla.redhat.com/show_bug.cgi?id=505266
Install authconfig
and try this:
authconfig --disablefingerprint --update
Related videos on Youtube
Comments
-
RCNeil almost 2 years
CentOS 6, Parallels PLESK 10.4, Apache
One of my servers went down over the weekend much to my dismay. On the day and time it occurred, my log errors/messages end with this -
/var/log/secure:
Jul 29 03:53:15 u######## su: PAM adding faulty module: /lib64/security/pam_fprintd.so Jul 29 03:53:15 u######## su: pam_unix(su-l:session): session opened for user popuser by (uid=0) Jul 29 03:53:16 u######## su: pam_unix(su-l:session): session closed for user popuser Jul 29 03:53:16 u######## su: PAM unable to dlopen(/lib64/security/pam_fprintd.so): /lib64/security/pam_fprintd.so: cannot open shared object file: No such file or directory Jul 29 03:53:16 u######## su: PAM adding faulty module: /lib64/security/pam_fprintd.so Jul 29 03:53:16 u######## su: pam_unix(su-l:session): session opened for user popuser by (uid=0) Jul 29 03:53:18 u######## su: pam_unix(su-l:session): session closed for user popuser
then immediately afterwards,
/var/log/messages:
Jul 29 03:53:21 u######## kernel: imklog 4.6.2, log source = /proc/kmsg started. Jul 29 03:53:21 u######## rsyslogd: [origin software="rsyslogd" swVersion="4.6.2" x-pid="1370" x-info="http://www.rsyslog.com"] (re)start
/var/log/messages (of that day):
Jul 29 03:53:21 u######## rsyslogd: [origin software="rsyslogd" swVersion="4.6.2" x-pid="1370" x-info="http://www.rsyslog.com"] rsyslogd was HUPed,type 'restart'. Jul 29 03:53:21 u######## kernel: Kernel logging (proc) stopped.
And from /var/log/cron
Jul 29 03:53:20 u######## run-parts(/etc/cron.daily)[29257]: starting awstats Jul 29 03:53:20 u######## run-parts(/etc/cron.daily)[32242]: finished awstats Jul 29 03:53:20 u######## run-parts(/etc/cron.daily)[29257]: starting logrotate
That's the last message I get before the server goes down. Everything I've Googled leads me to believe that the
session opened for user popuser
is a fairly common log entry and shouldn't be considered a threat, but for some reason I interpret that as something not so nice.Others have mentioned that PAM adding a faulty module could be a bug? I don't even know what PAM is....
Any insight on how to interpret these would be greatly appreciated. I've checked
/var/log/secure /var/log/messages /var/log/cron
Are there any other places I could look into to help diagnose this?
Many thanks, SF.
-
RCNeil almost 12 years@Hersheezy, I was away on vacation (of course) so someone from my company called 1&1 (the company that has the server) and they rebooted it for them. No explanation was given to them, so I am investigating it now. Thank you for your help.
-
-
RCNeil almost 12 yearsmany thanks. This definitely provides insight on the matter. It's nice to finally see someone else have this issue so it's not a fluke.