cancel
Showing results for 
Search instead for 
Did you mean: 

Problems with security modules

Carlos_V
Level 6

Hello everyone.

I'll like to know if someone have this kind of messages:

 

auth|security:err|error bpjava-msvc PAM: load_modules: can not open module /usr/lib/security/pam_aix.

 

This error appear when we enable NBAC. Another symtomp is the java console work so slowly.

The version of NBU is 7.5.0.4, on AIX 5.3.

Please help.

3 REPLIES 3

CRZ
Level 6
Employee Accredited Certified

This is a blind guess:

Check your /etc/pam.conf file?

Perhaps it should say "/usr/lib/security/64/pam_aix" instead of "/usr/lib/security/pam_aix"

(64bit vs. 32bit)

Carlos_V
Level 6

The configuration file display the next information:

ftp     auth    required        /usr/lib/security/pam_aix
imap    auth    required        /usr/lib/security/pam_aix
login   auth    required        /usr/lib/security/pam_aix
rexec   auth    required        /usr/lib/security/pam_aix
rlogin  auth    sufficient      /usr/lib/security/pam_rhosts_auth
rlogin  auth    required        /usr/lib/security/pam_aix
rsh     auth    required        /usr/lib/security/pam_rhosts_auth
snapp   auth    required        /usr/lib/security/pam_aix
su      auth    sufficient      /usr/lib/security/pam_allowroot
su      auth    required        /usr/lib/security/pam_aix
telnet  auth    required        /usr/lib/security/pam_aix
OTHER   auth    required        /usr/lib/security/pam_prohibit

The last line could be the problem? I mean, I have to specify bpjava-msvc to use the library .../../security/pam_aix?

As you can see, every option is /usr/lib/security/.

 


 

CRZ
Level 6
Employee Accredited Certified

If you change the login line to:

login   auth    required        /usr/lib/security/64/pam_aix

does it work then?

(I'm asking because I believe bpjava-msvc requires 64bit from version 7.x - but again, I am mostly making a blind stab at it)

EDIT: After some further research... if this makes you uncomfortable, I believe you can specify without a path:

login   auth    required        pam_aix

This would allow 32 or 64 bit to be auto-selected depending on what's asking for it.  (in bpjava-msvc's case, 64)