# pam-0.99 broke ssh login

## ctyy

I just upgraded pam from 0.78-r5 to 0.99-7.1, and found myself blocked from ssh login.

I can't login my box from console too. 

It said 'login incorrect' immediately after I enter my user name.

I login the box using single user mode, and found such lines in the /var/log/secure

 *Quote:*   

> 
> 
> Sep 20 22:25:20 localhost sshd[12881]: PAM unable to dlopen(/lib/security/pam_shells.so)
> 
> Sep 20 22:25:20 localhost sshd[12881]: PAM [dlerror: /lib/security/pam_shells.so: symbol pam_syslog, version LIBPAM_EXTENSION_1.0 not defined in file libpam.so.0 with link time reference]
> ...

 

I searched the Gentoo Forum for 'pam_syslog'. Some guy said restarting the vixie-cron can fix such problem.

But there was no luck after I restart the cron daemon.

Is there anyone can tell me what I should do to login my box....? Thanks very much.[/quote]

----------

## hermanng

Restarting cron is by far not enough. After switching to pam-0.99 you have to remerge (and after that, restart) all packages, that are linked against pam.

The most important ones are probably shadow and openssh. Get an up-to-date list of affected packages on your system with

```
qdepends -Q pam
```

 qdepends is part of the portage-utils package.

Upgrading pam is a serious thing, that has to be done in one big step. The least thing, as mentioned, is to re-emerge shadow and openssh and propbably kde-base before logging out or shutting down the machine.

If you have no more running shell on your machine, you have to boot with a Gentoo-, Knoppix- or whatever rescue cd, chroot in your environment and remerge the affected packages.

----------

## dzoster

Hey,

i think you didn't update your sshd-config file, don't use pam anymore and make sure password logins are allowed. 

Edit this in the config file. 

I'm not sure if you still have the problem but reply here if anything.

----------

## ctyy

Thank you for your answering. I connected to the server through ssh, so I don't think re-emerge openssh or sshd is a good idea.

I just add "=sys-libs/pam-0.78-r5" to "/etc/make.profile/packages" in all my servers. I think this will prevent the update of PAM.

 *dzoster wrote:*   

> Hey,
> 
> i think you didn't update your sshd-config file, don't use pam anymore and make sure password logins are allowed. 
> 
> Edit this in the config file. 
> ...

 

----------

## hermanng

 *ctyy wrote:*   

> Thank you for your answering. I connected to the server through ssh, so I don't think re-emerge openssh or sshd is a good idea.
> 
> 

  Nope, re-emerging openssh while being logged in via ssh is not a problem. As long as you use the program, it can't be deleted and will continue to work with the old pam library. When upgrading pam, you re-emerge openssh with the new pam while being logged via ssh. Then you can test with another ssh login, if the update was successful. Same thing with the shadow package(i.e. login).

----------

## tcd

Wouldn't a "revdep-rebuild --library libpam.so.0" fix this problem? (the only caveat I know of to this is that one has to reboot the machine after this)

----------

## imrambi

I'm having the same problem. Tried a revdep-rebuild --library libpam.so.0 and it didn't see to fix the problem. I might be having other issues for some other reason also as once init 3 starts, I have a login prompt. No hostname no interfaces up. I did see this error in the messages file though.

----------

## hermanng

wrt pam-issues  "revdep-rebuild --library libpam.so.0" should do the trick, yes. And I'm quite sure, that you won't need a reboot. After all, this is the beauty of linux, you can (re-)start any service without rebooting. Just restarting the re-emerged services is enough.

----------

## imrambi

For me the revdep-rebuild did not work, but that doesn't mean it wouldn't work. I had issued a emerge -e system again on the box that has the issue. It was still going along this morning but I was hearing some nice clicking from the hard drive. For me, it looks like it could be a bad hard drive that is causing the issue.

----------

## imrambi

The emerge -e system finished, an etc-update and a reboot later everything is working fine now.

----------

