Just tracked down a problem with sudo at work. The error message
sudo: pam_authenticate: Module is unknown
would show up when doing “sudo su -”
An initial strace shows that libkeyutils was being looked for:
open("/lib64/tls/x86_64/libkeyutils.so.1", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/lib64/tls/x86_64", 0x7fffe8902810) = -1 ENOENT (No such file or directory) open("/lib64/tls/libkeyutils.so.1", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/lib64/tls", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 open("/lib64/x86_64/libkeyutils.so.1", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/lib64/x86_64", 0x7fffe8902810) = -1 ENOENT (No such file or directory)
but was not installed on the server. A “correct” server shows:
[root@host ~]# rpm -qa | grep keyutils|sort keyutils-libs-1.2-1.el5 keyutils-libs-1.2-1.el5 keyutils-libs-devel-1.2-1.el5 keyutils-libs-devel-1.2-1.el5
Without keyutils installed, the SSH keys we had set up weren’t able to be processed. PAM then fell back to local passwords, which was not set for the particular user in question.
Anyway, just hoping this helps someone else in the future.