Centos – PAM unable to dlopen(/lib64/security/pam_fprintd.so) causing CentOS/Redhat server to crash

centoscentos6pamserver-crashes

CentOS 6, Parallels PLESK 10.4, Apache

One of my servers went down over the weekend much to my dismay. On the day and time it occurred, my log errors/messages end with this –

/var/log/secure:

Jul 29 03:53:15 u######## su: PAM adding faulty module: 
  /lib64/security/pam_fprintd.so
Jul 29 03:53:15 u######## su: pam_unix(su-l:session): 
  session opened for user popuser by (uid=0)
Jul 29 03:53:16 u######## su: pam_unix(su-l:session): 
  session closed for user popuser
Jul 29 03:53:16 u######## su: PAM unable to dlopen(/lib64/security/pam_fprintd.so):
 /lib64/security/pam_fprintd.so: cannot open shared object file: No such file or
 directory
Jul 29 03:53:16 u######## su: PAM adding faulty module: 
 /lib64/security/pam_fprintd.so
Jul 29 03:53:16 u######## su: pam_unix(su-l:session):
 session opened for user popuser by (uid=0)
Jul 29 03:53:18 u######## su: pam_unix(su-l:session): 
 session closed for user popuser

then immediately afterwards,

/var/log/messages:

Jul 29 03:53:21 u######## kernel: imklog 4.6.2, log source = /proc/kmsg started.
Jul 29 03:53:21 u######## rsyslogd: [origin software="rsyslogd" swVersion="4.6.2"
 x-pid="1370" x-info="http://www.rsyslog.com"] (re)start

/var/log/messages (of that day):

Jul 29 03:53:21 u######## rsyslogd: [origin software="rsyslogd" swVersion="4.6.2"
 x-pid="1370" x-info="http://www.rsyslog.com"] rsyslogd was HUPed,type 'restart'.
Jul 29 03:53:21 u######## kernel: Kernel logging (proc) stopped.

And from /var/log/cron

Jul 29 03:53:20 u######## run-parts(/etc/cron.daily)[29257]: starting awstats
Jul 29 03:53:20 u######## run-parts(/etc/cron.daily)[32242]: finished awstats
Jul 29 03:53:20 u######## run-parts(/etc/cron.daily)[29257]: starting logrotate

That's the last message I get before the server goes down. Everything I've Googled leads me to believe that the session opened for user popuser is a fairly common log entry and shouldn't be considered a threat, but for some reason I interpret that as something not so nice.

Others have mentioned that PAM adding a faulty module could be a bug? I don't even know what PAM is….

Any insight on how to interpret these would be greatly appreciated. I've checked

/var/log/secure
/var/log/messages
/var/log/cron

Are there any other places I could look into to help diagnose this?

Many thanks, SF.

Best Answer

Jul 29 03:53:15 u######## su: PAM adding faulty module: 
  /lib64/security/pam_fprintd.so

It looks like a bug: https://bugzilla.redhat.com/show_bug.cgi?id=505266

Install authconfig and try this:

authconfig --disablefingerprint --update
Related Topic