Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Problems with security modules

Created: 28 Nov 2012 | 3 comments

Hello everyone.

I'll like to know if someone have this kind of messages:

auth|security:err|error bpjava-msvc PAM: load_modules: can not open module /usr/lib/security/pam_aix.

This error appear when we enable NBAC. Another symtomp is the java console work so slowly.

The version of NBU is 7.5.0.4, on AIX 5.3.

Please help.

Comments 3 CommentsJump to latest comment

CRZ's picture

This is a blind guess:

Check your /etc/pam.conf file?

Perhaps it should say "/usr/lib/security/64/pam_aix" instead of "/usr/lib/security/pam_aix"

(64bit vs. 32bit)


bit.ly/76LBN | APPLBN | 75LBN

Carlos V's picture

The configuration file display the next information:

ftp     auth    required        /usr/lib/security/pam_aix
imap    auth    required        /usr/lib/security/pam_aix
login   auth    required        /usr/lib/security/pam_aix
rexec   auth    required        /usr/lib/security/pam_aix
rlogin  auth    sufficient      /usr/lib/security/pam_rhosts_auth
rlogin  auth    required        /usr/lib/security/pam_aix
rsh     auth    required        /usr/lib/security/pam_rhosts_auth
snapp   auth    required        /usr/lib/security/pam_aix
su      auth    sufficient      /usr/lib/security/pam_allowroot
su      auth    required        /usr/lib/security/pam_aix
telnet  auth    required        /usr/lib/security/pam_aix
OTHER   auth    required        /usr/lib/security/pam_prohibit

The last line could be the problem? I mean, I have to specify bpjava-msvc to use the library .../../security/pam_aix?

As you can see, every option is /usr/lib/security/.

CRZ's picture

If you change the login line to:

login   auth    required        /usr/lib/security/64/pam_aix

does it work then?

(I'm asking because I believe bpjava-msvc requires 64bit from version 7.x - but again, I am mostly making a blind stab at it)

EDIT: After some further research... if this makes you uncomfortable, I believe you can specify without a path:

login   auth    required        pam_aix

This would allow 32 or 64 bit to be auto-selected depending on what's asking for it.  (in bpjava-msvc's case, 64)


bit.ly/76LBN | APPLBN | 75LBN