CCRC: Login failures may occur when using PAM-based authentication on 64-bit Linux systems.

This technote explains why IBM® Rational® ClearCase® Remote Client (CCRC) users may not be able to login when configuring PAM-based user authentication on a 64-bit Linux system.
Symptom

When configuring PAM-based user authentication on a 64-bit Linux system, ClearCase Remote Client (CCRC) users may not be able to log in via CCRC. These users are able to log on locally or via telnet or SSH. Users added directly to the Linux host operate correctly with the ClearCase Remote Client.

A PAM trace shows that CCWEB with PAM authentication is looking for the pam_krb5.so in the /lib/security as shown in the debug log below:

Jul 17 20:43:06 lxappcdt0001 syslogd 1.4.1: restart.
Jul 17 20:43:29 lxappcdt0001 ccweb: pam_unix2: pam_sm_authenticate() called
Jul 17 20:43:29 lxappcdt0001 ccweb: pam_unix2: username=[d322702]
Jul 17 20:43:29 lxappcdt0001 ccweb: pam_unix2: dlopen("/lib/security/pam_krb5.so") failed: /lib/security/pam_krb5.so: cannot open shared object file: No such file or directory
Jul 17 20:43:29 lxappcdt0001 ccweb: pam_unix2: pw == NULL, return PAM_USER_UNKNOWN
Jul 17 20:43:29 lxappcdt0001 pam_tally[25904]: pam_tally: unknown option; debug
Jul 17 20:43:29 lxappcdt0001 pam_tally[25904]: pam_tally: pam_get_uid; no such user d322702

However, the 64-bit PAM libraries install to /lib64/security.


Cause

PAM is not authenticating on 64-bit Linux. ClearCase is a 32-bit application and the Linux server is missing the 32-bit PAM library modules.

Resolving the problem

Contact the provider of your Linux distribution to get the appropriate 32-bit PAM modules for your release.


The 32-bit rpm module should include these files as well:

Example:

[root@rcslnx01 ~]# ls -l /usr/lib/*pam*
-rw-r--r-- 1 root root 54794 May 12 2006 /usr/lib/libpam.a
-rw-r--r-- 1 root root 10370 May 12 2006 /usr/lib/libpamc.a
lrwxrwxrwx 1 root root 25 Sep 20 2006 /usr/lib/libpamc.so ->
../../lib/libpamc.so.0.77
-rw-r--r-- 1 root root 8466 May 12 2006 /usr/lib/libpam_misc.a
lrwxrwxrwx 1 root root 29 Sep 20 2006 /usr/lib/libpam_misc.so ->
../../lib/libpam_misc.so.0.77
lrwxrwxrwx 1 root root 24 Sep 20 2006 /usr/lib/libpam.so ->
../../lib/libpam.so.0.77

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)