中神通公司技术论坛 - Powered by Discuz! Board

标题: 解决PAM unable to dlopen(/usr/lib64/security/pam_sss.so)错误 [打印本页]

作者: linda 时间: 2022-2-11 11:30 标题: 解决PAM unable to dlopen(/usr/lib64/security/pam_sss.so)错误

Centos、华为EulerOS、Alibaba Cloud Linux系列

改变之后测试
# sudo date

# journalctl -r 或 journalctl -n
Feb 11 11:23:09 TrustGate.com sudo[110427]: PAM unable to dlopen(/usr/lib64/security/pam_sss.so): /usr/lib64/security/pam>
Feb 11 11:23:09 TrustGate.com sudo[110427]: PAM adding faulty module: /usr/lib64/security/pam_sss.so

修改配置文件
# cat /etc/pam.d/sudo
#%PAM-1.0
auth    include    system-auth
account include    system-auth
password include    system-auth
session include    system-auth

注释掉/etc/pam.d/system-auth以及password-auth中所有包含sss的行
# cat /etc/pam.d/system-auth
# Generated by authselect on Sun Apr 25 03:14:44 2021
# Do not modify this file manually.

auth       required                                  pam_env.so
auth       required                                  pam_faildelay.so delay=2000000
auth       [default=1 ignore=ignore success=ok]       pam_usertype.so isregular
auth       [default=1 ignore=ignore success=ok]       pam_localuser.so
auth       sufficient                                  pam_unix.so nullok try_first_pass
auth       [default=1 ignore=ignore success=ok]       pam_usertype.so isregular
#auth       sufficient                                  pam_sss.so forward_pass
auth       required                                  pam_deny.so

account    required                                  pam_unix.so no_pass_expiry
account    sufficient                                  pam_localuser.so
account    sufficient                                  pam_usertype.so issystem
#account    [default=bad success=ok user_unknown=ignore] pam_sss.so
account    required                                  pam_permit.so

password requisite                                  pam_pwquality.so try_first_pass local_users_only
password sufficient                                  pam_unix.so sha512 shadow nullok try_first_pass use_authtok
#password sufficient                                  pam_sss.so use_authtok
password required                                  pam_deny.so

session    optional                                  pam_keyinit.so revoke
session    required                                  pam_limits.so
-session optional                                  pam_systemd.so
session    [success=1 default=ignore]                pam_succeed_if.so service in crond quiet use_uid
session    required                                  pam_unix.so
#session    optional                                  pam_sss.so

改变之后测试
# sudo date

# journalctl -r 或 journalctl -n
Feb 11 11:24:48 TrustGate.com sudo[110462]: pam_unix(sudo:session): session opened for user root by root(uid=0)
Feb 11 11:24:48 TrustGate.com sudo[110462]: pam_unix(sudo:session): session closed for user root

================
# authselect current
Profile ID: sssd

编辑/etc/authselect/authselect.conf文件
把sssd改成minimal

# authselect current
Profile ID: minimal

[ 本帖最后由 linda 于 2022-2-18 15:53 编辑 ]

欢迎光临中神通公司技术论坛 (http://trustcomputing.com.cn/bbs/)