On 13:20 Mon 06 Feb , Herbert Schmid wrote:
>
> To trigger, you need to have some additional modules installed and enabled.

I'm still unable to reproduce this, but have some comments, see below.

>
> Authentication fails completely if you use some additional modules in an
> auth clause. But the error can be seen with session, too:
>
> $ dpkg -l libpam* | grep ^i
> ii libpam-cgfs 2.0.5-0ubuntu1~ubuntu16.04.1 amd64
> PAM module for managing cgroups for LXC
> ii libpam-gnome-keyring:amd64 3.18.3-0ubuntu2 amd64
> PAM module to unlock the GNOME keyring upon login
> ii libpam-modules:amd64 1.1.8-3.2ubuntu2 amd64
> Pluggable Authentication Modules for PAM
> ii libpam-modules-bin 1.1.8-3.2ubuntu2 amd64
> Pluggable Authentication Modules for PAM - helper binaries
> ii libpam-runtime 1.1.8-3.2ubuntu2 all
> Runtime support for the PAM library
> ii libpam-systemd:amd64 229-4ubuntu16 amd64
> system and service manager - PAM module
> ii libpam0g:amd64 1.1.8-3.2ubuntu2 amd64
> Pluggable Authentication Modules library
>
>
> From the log (as an example):
> Feb 6 09:20:20 intern auth: PAM unable to dlopen(pam_cgfs.so):
> /lib/security/pam_cgfs.so: cannot open shared object file: No such file
> or directory

This message is a bit misleading: it is printed only after PAM has searched
both /lib/<arch>/security *and* /lib/security and was unable to load the
module (but only mentions the latter). If you strace the auth process, you'll
probably see PAM trying both locations before emitting the warning.

This can be caused by dlopen() not being able to load pam_cgfs.so, even though
it exists. Can you please strace -f the auth process to find out if it tries
both locations first?
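
Added example, not part of the original message: one way to read the requested `strace -f` output and tell "module file missing in every location" apart from "file was opened but dlopen() still failed". The trace lines, the `x86_64-linux-gnu` value for `<arch>`, the library `libexample.so.0` and the function names are constructed for illustration.

```python
import re

# Matches open()/openat() lines of `strace -f` output, with or without a pid prefix.
OPEN_RE = re.compile(
    r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?'
    r'(?:open|openat)\((?:AT_FDCWD, )?"(?P<path>[^"]+)",[^)]*\)\s+=\s+'
    r'(?P<ret>-?\d+)(?:\s+(?P<errno>[A-Z]+))?'
)

def module_open_attempts(trace, module):
    """Return [(path, result)] for every open of `module`, in trace order."""
    attempts = []
    for line in trace.splitlines():
        m = OPEN_RE.match(line.strip())
        # Skip non-open lines and opens of other files (e.g. dependencies).
        if not m or m.group("path").rsplit("/", 1)[-1] != module:
            continue
        ok = int(m.group("ret")) >= 0
        attempts.append((m.group("path"), "opened" if ok else m.group("errno")))
    return attempts

def diagnose(attempts):
    """Summarise what the trace says about the module lookup."""
    if not attempts:
        return "module never opened in this trace"
    opened = [path for path, result in attempts if result == "opened"]
    if opened:
        # The file exists and was readable, so the dlopen() failure lies elsewhere.
        return "file opened at %s; dlopen() failed for another reason" % opened[0]
    return "not found in any of %d locations tried" % len(attempts)

# Constructed trace: the module is absent from both search locations.
SAMPLE_MISSING = '''
[pid  1201] open("/lib/x86_64-linux-gnu/security/pam_cgfs.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid  1201] open("/lib/security/pam_cgfs.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
'''

# Constructed trace: the module file opens, a dependency does not, then the fallback path fails.
SAMPLE_PRESENT = '''
[pid  1201] open("/lib/x86_64-linux-gnu/security/pam_cgfs.so", O_RDONLY|O_CLOEXEC) = 5
[pid  1201] open("/usr/lib/libexample.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid  1201] open("/lib/security/pam_cgfs.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
'''

if __name__ == "__main__":
    for name, trace in (("missing", SAMPLE_MISSING), ("present", SAMPLE_PRESENT)):
        print(name, "->", diagnose(module_open_attempts(trace, "pam_cgfs.so")))
```

Calls split by strace into `<unfinished ...>` and `resumed` halves are not matched by this pattern; writing the trace with `-o` and one process per file (`-ff`) avoids them.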