| Yubico Forum https://forum.yubico.com/ |
|
| pam_yubico error : undefined symbol: pam_set_data https://forum.yubico.com/viewtopic.php?f=5&t=574 |
Page 1 of 1 |
| Author: | fmedery [ Tue Oct 05, 2010 10:02 pm ] |
| Post subject: | pam_yubico error : undefined symbol: pam_set_data |
Hello I just received my yubikey and I am trying to configure openvpn with pam on CentOS 5.5 32 bits (tried on 64 bits too). I m not using radius I install ykclient and can get auth with the api.yubico.com server I can connect and use openvpn with certs + username +password. I modified the server file for the yubikey+openvpn (last line) server.conf Code: local 192.168.4.16 port 443 proto tcp dev tun ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt cert /etc/openvpn/easy-rsa/2.0/keys/vpn.lexum.com.crt crl-verify /etc/openvpn/easy-rsa/2.0/keys/crl.pem dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem server 192.168.5.0 255.255.255.0 ifconfig-pool-persist ipp.txt push "dhcp-option WINS 192.168.4.29" keepalive 10 120 comp-lzo user openvpn group openvpn persist-key persist-tun status openvpn-status.log log-append /var/log/openvpn.log verb 3 username-as-common-name plugin /usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so openvpn Now I create several files : /etc/pam.d/openvpn Code: #%PAM-1.0 auth required /lib/security/pam_yubico.so id=2 authfile=/etc/openvpn/yubikey_mapping auth include system-auth account include system-auth password include system-auth session include system-auth and /etc/openvpn/yubikey_mapping Code: user1:ccccceedtieb Now on the windows station I launch the openvpn client and type at the prompt: username password+press the yubikey to get the OTP But I have this error : Quote: PAM unable to dlopen(/lib/security/pam_yubico.so) Oct 5 16:46:41 parma openvpn[3730]: PAM [error: /lib/security/pam_yubico.so: undefined symbol: pam_set_data] Oct 5 16:46:41 parma openvpn[3730]: PAM adding faulty module: /lib/security/pam_yubico.so There is no connection to the api.yubico.com (using tcpdump) I tried with pam_yubico 2.1.2 (EPEL repository) and 2.5 from source bu the problem is always the same Any idea ? TX |
|
| Author: | fmedery [ Fri Oct 08, 2010 7:25 pm ] |
| Post subject: | Re: pam_yubico error : undefined symbol: pam_set_data |
I found the problem : I had the following line to /etc/init.d/openvpn: Code: export LD_PRELOAD=/lib64/libpam.so.0.81.5 Software used : Centos 5.5 (64 bits )+ EPEL repo. All packages below from this repo ykclient-2.2-1.el5 openvpn-2.1.1-2.el5 pam_yubico-2.1-2.el5 I used /etc/pam.d/login to create /etc/pam.d/openvpn Code: #%PAM-1.0 auth required pam_yubico.so authfile=/etc/yubikey_mappings id=16 debug auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so auth include system-auth account required pam_nologin.so account include system-auth password include system-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session include system-auth session required pam_loginuid.so session optional pam_console.so # pam_selinux.so open should only be followed by sessions to be executed in the user context session required pam_selinux.so open session optional pam_keyinit.so force revoke And modified /etc/openvpn/server.conf Code: username-as-common-name plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so openvpn I hope this help |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|