On Wednesday, 12. March 2008 18:35:25 Russ Allbery wrote: > Gunnar Krull <[EMAIL PROTECTED]> writes: > > Package: libpam-openafs-session > > Version: 1.0-7 > > > > Hi! I've encountered a problem while using the Courier authdaemond for > > imap login authentications via pam. The authdaemond shows an error but > > nevertheless pam_openafs_session.so is loaded and functional: > > > > --- /var/log/syslog > > Mar 11 13:05:54 mail authdaemond: PAM unable to > > dlopen(/lib/security/pam_openafs_session.so) Mar 11 13:05:54 mail > > authdaemond: PAM [dlerror: /lib/security/pam_openafs_session.so: > > undefined symbol: pam_set_data] Mar 11 13:05:54 mail authdaemond: PAM > > adding faulty module: /lib/security/pam_openafs_session.so > > [...] > > > Compiling pam_openafs_session.so with modified options eliminates the > > undefined symbols problem (by activating the already existing option: > > OSLIBS = -lpam -lresolv): > > The replacement for pam_openafs_session in lenny does link directly with > the PAM libraries. Usually, though, the application calling PAM links > with the PAM libraries and therefore loads them anyway. For some reason, > this isn't the case for Courier authdaemond based on the above analysis. > > I suspect this is working fine for all other applications because those > other applications are linked directly with the PAM library and hence > provide it to any loaded PAM modules. I bet Courier authdaemond is doing > some sort of weird game with dynamic loading. > > Realistically, we probably won't end up fixing this for etch; the > pam_openafs_session package has been completely replaced with a different > package for lenny, and I think the problem only affects that one PAM-using > application (which probably doesn't need to get an AFS PAG or token > anyway and is just running the module since it's part of the general > system configuration). But if you disagree with that evaluation, please > do let me know.
Part of our mail is stored in AFS so that the imap daemon needs a token to access those users mail dirs. This is done by pam and libpam-openafs-session. A workaround for me is to compile it with the above options or to use the replacement from testing or unstable like you've mentioned. But since Etch is the stable Debian distribution still for some time maybe someone else or some other weird applications run into a similar problem ... Regards, Gunnar Krull -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
