我尝试使用以下命令在Suse 11 Sp1 Server 64位中添加pam_ldap模块:
pam-config -a --ldap OS信息:
node01:~ # file $(which pam-config) /usr/sbin/pam-config: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), for GNU/Linux 2.6.4, dynamically linked (uses shared libs), stripped node01:~ # uname -m x86_64
所以我认为命令pam-config很好使用这个path中的pam模块/lib64/security/pam_ldap.so
但不是这样,它看起来在/ lib / security /目录下,所以它寻找pam模块的32位版本
node01:~ # pam-config --add --ldap ERROR: module /lib/security/pam_ldap.so is not installed. pam-config: invalid option -- --ldap Try `pam-config --help' or `pam-config --usage' for more information.
使用strace:
access("/lib/security/pam_ldap.so", F_OK) = -1 ENOENT (No such file or directory)
pam-config没有findldap的3bit版本模块,但是它find了64位
access("/lib64/security/pam_ldap.so", F_OK) = 0 write(2, "pam-config: invalid option -- --"..., 37pam-config: invalid option -- --ldap ) = 37 write(2, "Try `pam-config --help' or `pam-"..., 70Try `pam-config --help' or `pam-config --usage' for more information. ) = 70 exit_group(1) = ?
安装了pam_ldap模块
node01:~ # zypper se pam_ldap Loading repository data... Reading installed packages... S | Name | Summary | Type --+----------------+--------------------------------------+-------- i | pam_ldap | A PAM Module for LDAP Authentication | package | pam_ldap-32bit | A PAM Module for LDAP Authentication | package
我安装pam_ldap-32bit或创build符号链接:
ln -s /lib64/security/pam_ldap.so /lib/security/pam_ldap.so
这样,它的工作
所以我的问题是,为什么64位二进制查找32位版本库?
node01:~ # ldd /usr/sbin/pam-config linux-vdso.so.1 => (0x00007fffc9cf4000) libc.so.6 => /lib64/libc.so.6 (0x00007fddf5579000) /lib64/ld-linux-x86-64.so.2 (0x00007fddf5920000) node01:~ # echo $LD_LIBRARY_PATH node01:~ # [[ -z $LD_LIBRARY_PATH ]] && echo "empty" empty
跑
sudo zypper install pam_ldap # then you will be able to run the following command with no error. pam-config --add --ldap
以下文件将由pam-config命令/etc/pam.d目录修改:
common-password common-auth common-session-pc 这是添加的行
auth required pam_ldap.so use_first_pass