Tag Archives: security

sudo and local passwords vs SSH

Just tracked down a problem with sudo at work. The error message

sudo: pam_authenticate: Module is unknown

would show up when doing “sudo su -”

An initial strace shows that libkeyutils was being looked for:

open("/lib64/tls/x86_64/libkeyutils.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib64/tls/x86_64", 0x7fffe8902810) = -1 ENOENT (No such file or directory)
open("/lib64/tls/libkeyutils.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib64/tls", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/lib64/x86_64/libkeyutils.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib64/x86_64", 0x7fffe8902810)   = -1 ENOENT (No such file or directory)

but was not installed on the server. A “correct” server shows:

[root@host ~]# rpm -qa | grep keyutils|sort
keyutils-libs-1.2-1.el5
keyutils-libs-1.2-1.el5
keyutils-libs-devel-1.2-1.el5
keyutils-libs-devel-1.2-1.el5

Without keyutils installed, the SSH keys we had set up weren’t able to be processed. PAM then fell back to local passwords, which was not set for the particular user in question.

Anyway, just hoping this helps someone else in the future.