PAM unable to dlopen(/lib64/security/pam_fprintd.so) causing CentOS/Redhat server to crash
Jul 29 03:53:15 u######## su: PAM adding faulty module:
/lib64/security/pam_fprintd.so
It looks like a bug: https://bugzilla.redhat.com/show_bug.cgi?id=505266
Install authconfig and try this:
authconfig --disablefingerprint --update
Related videos on Youtube
05 : 43
02 : 16
02 : 36
01 : 37
01 : 31
Comments
-
RCNeil almost 2 years
CentOS 6, Parallels PLESK 10.4, Apache
One of my servers went down over the weekend much to my dismay. On the day and time it occurred, my log errors/messages end with this -
/var/log/secure:
Jul 29 03:53:15 u######## su: PAM adding faulty module: /lib64/security/pam_fprintd.so Jul 29 03:53:15 u######## su: pam_unix(su-l:session): session opened for user popuser by (uid=0) Jul 29 03:53:16 u######## su: pam_unix(su-l:session): session closed for user popuser Jul 29 03:53:16 u######## su: PAM unable to dlopen(/lib64/security/pam_fprintd.so): /lib64/security/pam_fprintd.so: cannot open shared object file: No such file or directory Jul 29 03:53:16 u######## su: PAM adding faulty module: /lib64/security/pam_fprintd.so Jul 29 03:53:16 u######## su: pam_unix(su-l:session): session opened for user popuser by (uid=0) Jul 29 03:53:18 u######## su: pam_unix(su-l:session): session closed for user popuserthen immediately afterwards,
/var/log/messages:
Jul 29 03:53:21 u######## kernel: imklog 4.6.2, log source = /proc/kmsg started. Jul 29 03:53:21 u######## rsyslogd: [origin software="rsyslogd" swVersion="4.6.2" x-pid="1370" x-info="http://www.rsyslog.com"] (re)start/var/log/messages (of that day):
Jul 29 03:53:21 u######## rsyslogd: [origin software="rsyslogd" swVersion="4.6.2" x-pid="1370" x-info="http://www.rsyslog.com"] rsyslogd was HUPed,type 'restart'. Jul 29 03:53:21 u######## kernel: Kernel logging (proc) stopped.And from /var/log/cron
Jul 29 03:53:20 u######## run-parts(/etc/cron.daily)[29257]: starting awstats Jul 29 03:53:20 u######## run-parts(/etc/cron.daily)[32242]: finished awstats Jul 29 03:53:20 u######## run-parts(/etc/cron.daily)[29257]: starting logrotateThat's the last message I get before the server goes down. Everything I've Googled leads me to believe that the
session opened for user popuseris a fairly common log entry and shouldn't be considered a threat, but for some reason I interpret that as something not so nice.Others have mentioned that PAM adding a faulty module could be a bug? I don't even know what PAM is....
Any insight on how to interpret these would be greatly appreciated. I've checked
/var/log/secure /var/log/messages /var/log/cronAre there any other places I could look into to help diagnose this?
Many thanks, SF.
-
RCNeil almost 12 years@Hersheezy, I was away on vacation (of course) so someone from my company called 1&1 (the company that has the server) and they rebooted it for them. No explanation was given to them, so I am investigating it now. Thank you for your help.
-
-
RCNeil almost 12 yearsmany thanks. This definitely provides insight on the matter. It's nice to finally see someone else have this issue so it's not a fluke.