pam_ssh on Centos 6 x64

138 views
Skip to first unread message

alex

unread,
Mar 2, 2013, 1:58:27 PM3/2/13
to rcdevs-t...@googlegroups.com
Hello *,

i wanted to try OpenSSH with OpenOTP according the howto on http://rcdevs.com/downloads/viewer.php?type=2&id=b34c1fe028353950de9ed42f641b569e.
When in try to use the precompiled module in ../build_linux64 i get "Speicherzugriffsfehler" aka "memory access error"

Executing dmesg leads to:
pam_openotp.so[17788]: segfault at 1 ip 0000000000000001 sp 00007fff14600768 err                                                                                                                                                     or 14 in pam_openotp.so[7fbea614b000+5000]
pam_openotp.so[17799]: segfault at 1 ip 0000000000000001 sp 00007fff9dd30f28 err                                                                                                                                                     or 14 in pam_openotp.so[7f5736a5c000+5000]
pam_openotp.so[17806]: segfault at 1 ip 0000000000000001 sp 00007fffed527638 err                                                                                                                                                     or 14 in pam_openotp.so[7f972c9b1000+385000]
pam_openotp.so[17848]: segfault at 3 ip 0000000000000003 sp 00007fff0937c1f8 err                                                                                                                                                     or 14 in pam_openotp.so[7f987c009000+5000]
pam_openotp.so[17850]: segfault at 3 ip 0000000000000003 sp 00007fff797d4e18 err                                                                                                                                                     or 14 in pam_openotp.so[7fb885f93000+385000]
pam_openotp.so[17909]: segfault at 3 ip 0000000000000003 sp 00007fff58dedae8 err                                                                                                                                                     or 14 in pam_openotp.so[7f588d24e000+5000]
pam_openotp.so[19996]: segfault at 1 ip 0000000000000001 sp 00007fffc2f01bd8 err                                                                                                                                                     or 14 in pam_openotp.so[7f7c0237d000+5000]
pam_openotp.so[20003]: segfault at 1 ip 0000000000000001 sp 00007ffff02a4dc8 err                                                                                                                                                     or 14 in pam_openotp.so[7f37765ab000+5000]
pam_openotp.so[20021]: segfault at 1 ip 0000000000000001 sp 00000000ff870344 err                                                                                                                                                     or 14 in pam_openotp.so[282000+2e6000]
pam_openotp.so[20107]: segfault at 1 ip 0000000000000001 sp 00007fff90c6a2d8 err                                                                                                                                                     or 14 in pam_openotp.so[7f0ff94ee000+385000]

Then i  downloaded  pam_openotp-1.0.6.tgz and  libopenotp-1.0.7.tgz, - extracted the packages and compiled each one of them + and installed them.

When i call /lib64/security/pam_openotp.so the dmesg output changes to:

pam_openotp.so[17788]: segfault at 1 ip 0000000000000001 sp 00007fff14600768 error 14 in pam_openotp.so[7fbea614b000+5000]
pam_openotp.so[17799]: segfault at 1 ip 0000000000000001 sp 00007fff9dd30f28 error 14 in pam_openotp.so[7f5736a5c000+5000]
pam_openotp.so[17806]: segfault at 1 ip 0000000000000001 sp 00007fffed527638 error 14 in pam_openotp.so[7f972c9b1000+385000]
pam_openotp.so[17848]: segfault at 3 ip 0000000000000003 sp 00007fff0937c1f8 error 14 in pam_openotp.so[7f987c009000+5000]
pam_openotp.so[17850]: segfault at 3 ip 0000000000000003 sp 00007fff797d4e18 error 14 in pam_openotp.so[7fb885f93000+385000]
pam_openotp.so[17909]: segfault at 3 ip 0000000000000003 sp 00007fff58dedae8 error 14 in pam_openotp.so[7f588d24e000+5000]
pam_openotp.so[19996]: segfault at 1 ip 0000000000000001 sp 00007fffc2f01bd8 error 14 in pam_openotp.so[7f7c0237d000+5000]
pam_openotp.so[20003]: segfault at 1 ip 0000000000000001 sp 00007ffff02a4dc8 error 14 in pam_openotp.so[7f37765ab000+5000]
pam_openotp.so[20021]: segfault at 1 ip 0000000000000001 sp 00000000ff870344 error 14 in pam_openotp.so[282000+2e6000]
pam_openotp.so[20107]: segfault at 1 ip 0000000000000001 sp 00007fff90c6a2d8 error 14 in pam_openotp.so[7f0ff94ee000+385000]
pam_openotp.so[20128]: segfault at 1 ip 0000000000000001 sp 00007fff65c970f8 error 14 in pam_openotp.so[7fd4c9f50000+5000]

According to README openssl-devel and libxml2 are installed.
What do i miss ? 

Thanks in advance.
Cheers
Alex

Administrators

unread,
Mar 4, 2013, 5:04:07 AM3/4/13
to RCDevs Security Solutions - Technical
You should install from sources: compile and install libopenOTP first
and then compile and install the PAM OpenOTP plugin.

On Mar 2, 7:58 pm, alex <alexander.boettr...@gmail.com> wrote:
> Hello *,
>
> i wanted to try OpenSSH with OpenOTP according the howto
> onhttp://rcdevs.com/downloads/viewer.php?type=2&id=b34c1fe028353950de9e....

alex

unread,
Mar 4, 2013, 8:45:05 AM3/4/13
to rcdevs-t...@googlegroups.com
Hello,

thanks a lot for your reply.

Any suggestions if already done in that order ?

Regards

Administrators

unread,
Mar 4, 2013, 8:48:06 AM3/4/13
to RCDevs Security Solutions - Technical
Oops you tried this already.
Be sure that there is no other Libopenotp installed on the system (for
ex. in /usr/lib/).

And do a "ldd pam_openotp.so" in /lib64/security/ to see if the
dependancies on the PAM module are Ok.

alex

unread,
Mar 4, 2013, 11:59:41 AM3/4/13
to rcdevs-t...@googlegroups.com
Good point - i had some "fragments" in /usr/lib64/ ...

I'm a bit ashamed - i see an error already when i compile pam_openotp: 
8<<
make
gcc -Wall -fPIC -c pam_openotp.c
pam_openotp.c: In Funktion »pam_sm_authenticate«:
pam_openotp.c:531: Warnung: Zuweisung von inkompatiblem Zeigertyp
gcc -Wall -fPIC -shared -lpthread -ldl -lm -lopenotp -o pam_openotp.so pam_opentp.o
>>8
It's a warning that in function pam_sm_authenticate  an incompatible pointer type is assigned.

Running ldd brings up:
ldd /lib64/security/pam_openotp.so
        linux-vdso.so.1 =>  (0x00007fffb6fff000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fe3a6527000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007fe3a6323000)
        libm.so.6 => /lib64/libm.so.6 (0x00007fe3a609e000)
        libopenotp.so.1 => /usr/lib64/libopenotp.so.1 (0x00007fe3a5e7d000)
        libc.so.6 => /lib64/libc.so.6 (0x00007fe3a5aea000)
        /lib64/ld-linux-x86-64.so.2 (0x00007fe3a694f000)
        libxml2.so.2 => /usr/lib64/libxml2.so.2 (0x00007fe3a5797000)
        libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007fe3a553c000)
        libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007fe3a51a2000)
        libz.so.1 => /lib64/libz.so.1 (0x00007fe3a4f8b000)
        libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007fe3a4d49000)
        libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007fe3a4a6a000)
        libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007fe3a4865000)
        libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007fe3a4639000)
        libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007fe3a442e000)
        libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007fe3a422a000)
        libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fe3a4010000)
        libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fe3a3df1000)

Thank you.

alex

unread,
Mar 11, 2013, 10:13:06 AM3/11/13
to rcdevs-t...@googlegroups.com
Hello,

any update on this ? Where is my mistake ?

Thanks a lot!

Administrators

unread,
Mar 11, 2013, 10:33:02 AM3/11/13
to RCDevs Security Solutions - Technical
The warning is just a warning. Does it work anyway?

alex

unread,
Mar 11, 2013, 12:38:45 PM3/11/13
to rcdevs-t...@googlegroups.com
no, unfortunatelly it doesn't - running /lib64/security/pam_openotp.so

 leads to Speicherzugriffsfehler - aka MemoryAccessError.

Thanks.
Reply all
Reply to author
Forward
0 new messages