CentOS 5.2 and OMSA

Jeff jlar310 at gmail.com
Sat Feb 21 16:57:00 CST 2009


On Sat, Feb 21, 2009 at 11:03 AM, Mark Paschke <mark at m5media.net> wrote:
> hello,
>
> I have been trying to get OMSA 5.5 to work on my centOS 5.2 box with cpanel
> installed, the login just keeps getting rejected.  Although Cent is
> unsupported, we 'tricked' the installer into thinking it's a red hat box.  I
> have the 32 bit PAM libraries installed as far as I know.  Here is the
> output from /var/log/secure when trying to login to the OMSA interface:
>
> Feb 21 10:48:47 media2 dsm_om_connsvc32d: PAM unable to
> dlopen(/lib/security/pam_hulk.so)
> Feb 21 10:48:47 media2 dsm_om_connsvc32d: PAM [error:
> /lib/security/pam_hulk.so: cannot open shared object file: No such file or
> directory]
> Feb 21 10:48:47 media2 dsm_om_connsvc32d: PAM adding faulty module:
> /lib/security/pam_hulk.so
>
> This 'pam_hulk.so' package seems to be the problem, although it is neither
> supplied by redhat nor Dell?  There is a cpanel brute force login protector
> program called cPHulk - that is the only thing I can think of that is
> related...
>
> Here is the results of a 'rpm -qa --qf
> "%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n" | grep pam'
>
> pam_passwdqc-1.0.2-1.2.2.x86_64
> pam-devel-0.99.6.2-3.27.el5.i386
> pam_ccreds-3-5.i386
> pam_krb5-2.2.14-1.el5_2.1.i386
> pam_smb-1.1.7-7.2.1.x86_64
> pam-0.77-65.1.i386
> pam-0.99.6.2-3.27.el5.i386
> pam_ccreds-3-5.x86_64
> pam_passwdqc-1.0.2-1.2.2.i386
> pam_pkcs11-0.5.3-23.x86_64
> pam_smb-1.1.7-7.2.1.i386
> spamassassin-3.1.7-4.el5.x86_64
> pam_pkcs11-0.5.3-23.i386
> pam-0.75-54.i386
> pam_krb5-2.2.14-1.el5_2.1.x86_64
> pam-devel-0.99.6.2-3.27.el5.x86_64
> pam-0.99.6.2-3.27.el5.x86_64
>
> anyone have any ideas or fixes?

Educated guess here...

Look at /etc/pam.d/omauth. I can't say for sure, but guessing by the
name, I'd say that's "om" for Open Manage. On my system it seems to
just reference the /etc/pam.d/system-auth configuration, which on your
system probably has the added protection from cpanel that you
mentioned.

So, you need to rewrite /etc/pam.d/omauth to be standalone, not
referencing the default system-auth requirements. So why does
pam_hulk.so not break system-auth? Maybe your system only has a 64 bit
pam_hulk.so, so 32-bit OMSA can't use it.

Try this command:

file `locate pam_hulk.so`

It will probably tell you that only one pam_hulk.so file is on the
system and that it is 64 bit. Maybe you can find a 32 bit pam_hulk.so
and not have to change the omauth configuration.

Too bad we don't have 64-bit Open Manage. Is anybody running 32 bit
servers any more?

-- 
Jeff



More information about the Linux-PowerEdge mailing list