# Upgraded pam, unable to login.

## Iesos

Hi.

I upgraded to pam-0.99.8.1-r1 yesterday, started xscreensaver this morning, and just got back, and the screensaver said "Authentication failed" whenever I pressed a key.

I thought that my screensaver had become mad, so I killed it. But then X crashed, and I got to the gdm-login, which started prompting messages that said "Authentication failed", and reprompted it whenever I got rid of it. After a downgrade to the older pam, it works again.

Any one who recognizes this and has a fix? If you need me to post anything, just tell med what, I don't know where to begin when it comes to this.

----------

## eccerr0r

Did you etc-update all the new configs in /etc/pam.d ? sounds like some of the policy changes conflict with the old version of pam...

----------

## Iesos

Yes, I did run etc-update (so thats not the problem), it changed 5 out of 6 automatically, the last one was /etc/pam.d/system-auth, which I also changed to the new one. These are the different system-auth files:

```
#%PAM-1.0

auth       required     pam_env.so

auth       sufficient   pam_unix.so likeauth nullok

auth       required     pam_deny.so

account    required     pam_unix.so

password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3

password   sufficient   pam_unix.so nullok md5 shadow use_authtok

password   required     pam_deny.so

session    required     pam_limits.so

session    required     pam_unix.so
```

```
#%PAM-1.0

auth       required     pam_env.so

auth       sufficient   pam_unix.so try_first_pass likeauth nullok

auth       required     pam_deny.so

account    required     pam_unix.so

# This can be used only if you enabled the cracklib USE flag

password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3

# This can be used only if you enabled the cracklib USE flag

password   sufficient   pam_unix.so try_first_pass use_authtok nullok md5 shadow

# This can be used only if you enabled the !cracklib USE flag

# password   sufficient pam_unix.so try_first_pass nullok md5 shadow

password   required     pam_deny.so

session    required     pam_limits.so

session    required     pam_unix.so
```

----------

## dolphinling

Was this ever fixed? I'm getting the same thing trying to run XNest, and now I'm scared to shut down for fear I won't be able to log in afterward.

In /var/log/everything/current I have the following:

```
Nov  9 01:51:14 [gdm] PAM unable to dlopen(/lib/security/pam_env.so)

Nov  9 01:51:14 [gdm] PAM [dlerror: /lib/security/pam_env.so: symbol pam_syslog, version LIBPAM_EXTENSION_1.0 not defined in file libpam.so.0 with link time reference]

Nov  9 01:51:14 [gdm] PAM adding faulty module: /lib/security/pam_env.so

Nov  9 01:51:14 [gdm] PAM unable to dlopen(/lib/security/pam_unix.so)

Nov  9 01:51:14 [gdm] PAM [dlerror: /lib/security/pam_unix.so: symbol pam_modutil_getlogin, version LIBPAM_MODUTIL_1.0 not defined in file libpam.so.0 with link time reference]

Nov  9 01:51:14 [gdm] PAM adding faulty module: /lib/security/pam_unix.so

Nov  9 01:51:14 [gdm] PAM unable to dlopen(/lib/security/pam_nologin.so)

Nov  9 01:51:14 [gdm] PAM [dlerror: /lib/security/pam_nologin.so: symbol pam_syslog, version LIBPAM_EXTENSION_1.0 not defined in file libpam.so.0 with link time reference]

Nov  9 01:51:14 [gdm] PAM adding faulty module: /lib/security/pam_nologin.so

Nov  9 01:51:14 [gdm] PAM unable to dlopen(/lib/security/pam_cracklib.so)

Nov  9 01:51:14 [gdm] PAM [dlerror: /lib/security/pam_cracklib.so: symbol pam_syslog, version LIBPAM_EXTENSION_1.0 not defined in file libpam.so.0 with link time reference]

Nov  9 01:51:14 [gdm] PAM adding faulty module: /lib/security/pam_cracklib.so

Nov  9 01:51:14 [gdm] PAM unable to dlopen(/lib/security/pam_limits.so)

Nov  9 01:51:14 [gdm] PAM [dlerror: /lib/security/pam_limits.so: symbol pam_syslog, version LIBPAM_EXTENSION_1.0 not defined in file libpam.so.0 with link time reference]

Nov  9 01:51:14 [gdm] PAM adding faulty module: /lib/security/pam_limits.so

Nov  9 01:51:15 [gdm] Couldn't authenticate user

```

Bug 182242 seems possibly relevant, but I checked the permission on pam_* in /lib/security, and it's all good.

----------

## Iesos

 *dolphinling wrote:*   

> Was this ever fixed? I'm getting the same thing trying to run XNest, and now I'm scared to shut down for fear I won't be able to log in afterward.

 

No, this is not fixed! I have masked that version of PAM for now. No ideas on what wrong what so ever.

----------

## snIP3r

hi all!

perhaps this pam upgrade guide link might help:

http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml

i had similar problems and this fixed it for me.

HTH

snIP3r

----------

## DirtyHairy

I had trouble with logging in on my girlfriends laptop after the PAM upgrade (which also were not caused by deprecated PAM modules). Recompiling everything depending on PAM (equery depends pam) fixed things for me...

----------

## dolphinling

I've run revdep-rebuild and recompiled pam and re-read through the upgrade guide (I followed it the first time), and XNest still gives the error. However, the on thing I have *not* done is restarted X. I'm afraid to since obviously if things don't work I won't be able to log in again, but it seems like it might be a necessary step. Anyone who had this fixed know if that was in fact required for them?

----------

## snIP3r

 *dolphinling wrote:*   

> I've run revdep-rebuild and recompiled pam and re-read through the upgrade guide (I followed it the first time), and XNest still gives the error. However, the on thing I have *not* done is restarted X. I'm afraid to since obviously if things don't work I won't be able to log in again, but it seems like it might be a necessary step. Anyone who had this fixed know if that was in fact required for them?

 

sorry i cannot help you with this special thing cause i do not have installed x (i had the issue on my gateway server box) but i think you should try... only my suggestion...

HTH

snIP3r

----------

## dolphinling

Restarting X did indeed fix it. Thanks for the help, everyone!  :Smile: 

----------

## snIP3r

ok!  :Wink: 

so you should mark this thread [solved] or something like that to show the others that the problem no longer exists...

greets

snIP3r

----------

