Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

Problems with security modules

Created: 28 Nov 2012 | 3 comments

Hello everyone.

I'll like to know if someone have this kind of messages:

auth|security:err|error bpjava-msvc PAM: load_modules: can not open module /usr/lib/security/pam_aix.

This error appear when we enable NBAC. Another symtomp is the java console work so slowly.

The version of NBU is, on AIX 5.3.

Please help.

Comments 3 CommentsJump to latest comment

CRZ's picture

This is a blind guess:

Check your /etc/pam.conf file?

Perhaps it should say "/usr/lib/security/64/pam_aix" instead of "/usr/lib/security/pam_aix"

(64bit vs. 32bit) | APPLBN | 761LBN

Carlos V's picture

The configuration file display the next information:

ftp     auth    required        /usr/lib/security/pam_aix
imap    auth    required        /usr/lib/security/pam_aix
login   auth    required        /usr/lib/security/pam_aix
rexec   auth    required        /usr/lib/security/pam_aix
rlogin  auth    sufficient      /usr/lib/security/pam_rhosts_auth
rlogin  auth    required        /usr/lib/security/pam_aix
rsh     auth    required        /usr/lib/security/pam_rhosts_auth
snapp   auth    required        /usr/lib/security/pam_aix
su      auth    sufficient      /usr/lib/security/pam_allowroot
su      auth    required        /usr/lib/security/pam_aix
telnet  auth    required        /usr/lib/security/pam_aix
OTHER   auth    required        /usr/lib/security/pam_prohibit

The last line could be the problem? I mean, I have to specify bpjava-msvc to use the library .../../security/pam_aix?

As you can see, every option is /usr/lib/security/.

CRZ's picture

If you change the login line to:

login   auth    required        /usr/lib/security/64/pam_aix

does it work then?

(I'm asking because I believe bpjava-msvc requires 64bit from version 7.x - but again, I am mostly making a blind stab at it)

EDIT: After some further research... if this makes you uncomfortable, I believe you can specify without a path:

login   auth    required        pam_aix

This would allow 32 or 64 bit to be auto-selected depending on what's asking for it.  (in bpjava-msvc's case, 64) | APPLBN | 761LBN