Re: pam_yubico error : undefined symbol: pam_set_data

2010-10-08T19:25:00+01:00

I found the problem :
I had the following line to /etc/init.d/openvpn:

Code:

export LD_PRELOAD=/lib64/libpam.so.0.81.5

Software used :
Centos 5.5 (64 bits )+ EPEL repo. All packages below from this repo
ykclient-2.2-1.el5
openvpn-2.1.1-2.el5
pam_yubico-2.1-2.el5

I used /etc/pam.d/login to create /etc/pam.d/openvpn

Code:

#%PAM-1.0
auth       required     pam_yubico.so authfile=/etc/yubikey_mappings id=16 debug
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    include      system-auth
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open
session    optional     pam_keyinit.so force revoke

And modified /etc/openvpn/server.conf

Code:

username-as-common-name
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so openvpn

I hope this help

Statistics: Posted by fmedery — Fri Oct 08, 2010 7:25 pm

pam_yubico error : undefined symbol: pam_set_data

2010-10-05T22:02:01+01:00

Hello I just received my yubikey and I am trying to configure openvpn with pam on CentOS 5.5 32 bits (tried on 64 bits too). I m not using radius

I install ykclient and can get auth with the api.yubico.com server

I can connect and use openvpn with certs + username +password.
I modified the server file for the yubikey+openvpn (last line)

server.conf

Code:

local 192.168.4.16
port 443
proto tcp
dev tun
ca    /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert    /etc/openvpn/easy-rsa/2.0/keys/vpn.lexum.com.crt
crl-verify /etc/openvpn/easy-rsa/2.0/keys/crl.pem
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 192.168.5.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push  "dhcp-option WINS 192.168.4.29"
keepalive 10 120
comp-lzo
user   openvpn
group    openvpn
persist-key
persist-tun
status openvpn-status.log
log-append  /var/log/openvpn.log
verb 3
username-as-common-name
plugin /usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so openvpn

Now I create several files :
/etc/pam.d/openvpn

Code:

#%PAM-1.0
auth required /lib/security/pam_yubico.so id=2 authfile=/etc/openvpn/yubikey_mapping
auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    include      system-auth

and /etc/openvpn/yubikey_mapping

Code:

user1:ccccceedtieb

Now on the windows station I launch the openvpn client and type at the prompt:
username
password+press the yubikey to get the OTP

But I have this error :

Quote:

PAM unable to dlopen(/lib/security/pam_yubico.so)
Oct 5 16:46:41 parma openvpn[3730]: PAM [error: /lib/security/pam_yubico.so: undefined symbol: pam_set_data]
Oct 5 16:46:41 parma openvpn[3730]: PAM adding faulty module: /lib/security/pam_yubico.so

There is no connection to the api.yubico.com (using tcpdump)

I tried with pam_yubico 2.1.2 (EPEL repository) and 2.5 from source bu the problem is always the same

Any idea ?

TX

Statistics: Posted by fmedery — Tue Oct 05, 2010 10:02 pm

Yubico Forum

Re: pam_yubico error : undefined symbol: pam_set_data

pam_yubico error : undefined symbol: pam_set_data