Issue
The `alt-python311` SSL module linked to `alt-openssl11` broke pam authentication, led to grep pam_unix /var/log/auth.log | tail:
Aug 18 06:29:32 cl8x64 python[1450667]: PAM unable to dlopen(/usr/lib64/security/pam_unix.so): /lib64/libk5crypto.so.3: undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b
Aug 18 06:29:32 cl8x64 python[1450667]: PAM adding faulty module: /usr/lib64/security/pam_unix.so
Environment
- Imunify360 v7.3 Stand-Alone
- PAM authentication
- alt-openssl11
Solution
A workaround for affected servers (generic pam auth doesn't work and `PAM unable to dlopen(/usr/lib64/security/pam_unix.so): /lib64/libk5crypto.so.3: undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b` in `/var/log/secure`):
mv /opt/alt/openssl11/lib64/libcrypto.so.1.1 /opt/alt/openssl11/lib64/libcrypto.so.1.1.back
Cause
The Kerberos library (libk5crypto.so.3) was built with the older version of OpenSSL (1.1.1k), using the newer version (1.1.1p) might cause an undefined symbol error. The patch is expected to be delivered with ALTPYTH-478.
Comments
0 comments
Please sign in to leave a comment.