[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: mod_auth_pam on HP-UX?



> > I downloaded mod_auth_pam 1.0a.   It compiles OK, but I'm
> having some kind
> > of problems with the linking and/or loading.
>
> > The main rule in the Makefile is:
>
> >   mod_auth_pam.so: mod_auth_pam.c
> >       apxs -c -lpam -ldl mod_auth_pam.c
>
> > I can't find a libdl anywhere on my system.   If I simply
> remove the " -ldl
> > " from the makefile, it will compile and install.  But when I
> run apache and
> > attempt to connect, it refuses the authentication, and in
> syslog there is a
> > line that says:
>
> >     syslog: load_modules: can not open module
> > /usr/lib/security/libpam_unix.1
>
> > Although I don't have a libdl, there is a libdld.  I don't know if that
> > should be a substitute or not, but simply substituting that in
> the apxs line
> > didn't help.  I just got a lot of unresolved references when
> running apache.
>
> Yes, I believe the equivalent to libdl on HPUX is libdld (at
> least, this is
> what we seem to be using in the Linux-PAM source tree now).

I think that I was barking up the wrong tree with libdld.   The unresolved
reference messages I got when running Apache were things that libdld wanted.
>From what I can see, mod_auth_pam is simply linked to /lib/libpam.sl.
However, libpam.sl would be the one the dynamic loading of
/usr/lib/security/libpam_unix.1 I think.

So what I don't quite understand is: does mod_auth_pam.so need the libraries
that libpam.sl will need to satisfy loading the pam modules, even though
mod_auth_pam itself is not doing the dynamic loading?

I found that if I touch /etc/pam_debug, HP-UX PAM will log more details in
the syslog.  When I run Apache and connect to it and get authentication
refused, I get this in the syslog:

----------------------------------------------------------------------------
------
Sep 26 09:33:14 silver PAM: pam_start(httpd abc)
Sep 26 09:33:14 silver PAM: pam_set_item(1)
Sep 26 09:33:14 silver PAM: pam_set_item(2)
Sep 26 09:33:14 silver PAM: pam_set_item(5)
Sep 26 09:33:14 silver PAM: pam_authenticate()
Sep 26 09:33:14 silver PAM: load_modules: /usr/lib/security/libpam_unix.1
Sep 26 09:33:14 silver PAM: open_module: /usr/lib/security/libpam_unix.1
failed: Unresolved external
Sep 26 09:33:14 silver PAM: load_modules: can not open module
/usr/lib/security/libpam_unix.1
Sep 26 09:33:14 silver PAM: pam_set_item(6)
Sep 26 09:33:14 silver PAM: pam_end(): status = Success
----------------------------------------------------------------------------
------

"abc" is the test username I put in the browser, so it seems that at least
Apache is talking to mod_auth_pam and mod_auth_pam is talking to libpam.sl

Unfortunately, I can't find anywhere that gives any more detail of what the
unresolved externals are for libpam_unix.1

Anyone have any suggestions on how I can narrow that down?


> ....  I'm personally still quite
> puzzled that HP seems to have chosen to write their own PAM implementation
> rather than leveraging Linux-PAM..

I don't know anything about how HP did their PAM, but in the top of
/usr/include/security/pam_appl.h and pam_modules.h, it does say "Copyright
(c) 1992-1995, by Sun Microsystems, Inc.".   Doesn't have any HP copyright.
So it doesn't look like they started from scratch, but perhaps diverged
somewhere back.    There is a single pam.conf file which includes entries
for all clients (login, ftp, su, etc.) and not an /etc/pam.d directory, so
it looks like some of the older pam docs I've found on the web.

Thanks for any help anyone can provide!

- Alan

--
Alan Millar                  Email: Alan.Millar@LPCorp.com
Unix System Administrator    Voice: 503-624-9004 x3014
Louisiana-Pacific            Fax:   509-692-3948






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []