ART psa-proftpd on EL6: pam_stack.so not available

breun · **Posted:** Sun Mar 18, 2012 3:02 pm

On a server running CentOS 6.2 x86_64, Plesk 10.4.4 MU#22 and psa-proftpd-1.3.4a-1.el6.art.x86_64 /var/log/secure contains lots of messages like these:

Quote:

Feb 25 18:32:26 hostname proftpd: PAM unable to dlopen(/lib64/security/pam_stack.so): /lib64/security/pam_stack.so: cannot open shared object file: No such file or directory
Feb 25 18:32:26 hostname proftpd: PAM adding faulty module: /lib64/security/pam_stack.so

There is no file called /lib64/security/pam_stack.so on this server. /etc/pam.d/proftpd (owned by the psa-proftpd package) does refer to pam_stack:

Code:

# cat /etc/pam.d/proftpd
#%PAM-1.0
auth       required   pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       required   pam_stack.so service=system-auth
auth       required   pam_shells.so
account    required   pam_stack.so service=system-auth
session    required   pam_stack.so service=system-auth

I noticed that on EL5 x86_64 /lib64/security/pam_stack.so is part of the pam RPM, but on EL6 it's not. Is this a bug in the psa-proftpd package?

P.S. I see /etc/pam.d/imap and /etc/pam.d/pop3 also refer to pam_stack.so.

scott · **Posted:** Mon Mar 19, 2012 1:18 pm

Looks like the plesk package has the same problem. I duplicated the config from fedora 16, see if that one helps in the latest. BTW, this is one of those packages duplicated in both the atomic and asl repos. You do not have to be an ASL subscriber to get this update w/ clamav support.

breun · **Posted:** Mon Mar 19, 2012 2:01 pm

scott wrote:

Looks like the plesk package has the same problem.

I'll report it to Parallels as well then.

Kalimari · **Posted:** Mon Mar 19, 2012 2:23 pm

Had same issue, it is benign (apparently) but fills the log (+logwatch/annoying). Fixed on CentOS6 system by changing /etc/pam.d/proftpd from:

Code:

auth       required     pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       required     pam_stack.so service=system-auth
auth       required     pam_shells.so
account    required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth

to:

Code:

auth       required     pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       include      system-auth
auth       required     pam_shells.so
account    include      system-auth
session    required     pam_loginuid.so

Cannot remember which user group or forum the solution was posted, but it works.

scott · **Posted:** Mon Mar 19, 2012 2:28 pm

Well shucks I wish you'd posted that sooner

I ended up duplicating the one from Fedora 16

Kalimari · **Posted:** Mon Mar 19, 2012 6:58 pm

scott wrote:

I ended up duplicating the one from Fedora 16

Just updated to psa-proftpd-1.3.4a-2 and the updated /etc/pam.d/proftpd complains about missing config again:

Code:

pam_env(proftpd:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
pam_succeed_if(proftpd:session): error retrieving information about user 0

Is this the version from Fedora 16?

ART psa-proftpd on EL6: pam_stack.so not available

Who is online