Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 218635 - app-emulation/vmware-server 64bit PAM and vmware-authd
Summary: app-emulation/vmware-server 64bit PAM and vmware-authd
Status: RESOLVED WORKSFORME
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: AMD64 Linux
: High major (vote)
Assignee: Gentoo VMWare Bug Squashers [disabled]
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-04-20 19:38 UTC by phl0ri4n
Modified: 2008-06-05 18:24 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description phl0ri4n 2008-04-20 19:38:11 UTC
Apr 20 20:26:42 router17 xinetd[18025]: START: vmware-authd pid=28388 from=192.168.2.103
Apr 20 20:26:42 router17 vmware-authd[28388]: PAM unable to dlopen(/lib/security/pam_deny.so)
Apr 20 20:26:42 router17 vmware-authd[28388]: PAM [error: /lib/security/pam_deny.so: wrong ELF class: ELFCLASS64]
Apr 20 20:26:42 router17 vmware-authd[28388]: PAM adding faulty module: /lib/security/pam_deny.so
Apr 20 20:26:42 router17 vmware-authd[28388]: pam_listfile(vmware-authd:account): Refused user root for service vmware-authd
Apr 20 20:26:42 router17 xinetd[18025]: EXIT: vmware-authd status=1 pid=28388 duration=0(sec)
Apr 20 20:30:01 router17 cron[28463]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons )





Reproducible: Always

Steps to Reproduce:
1. emerge app-emulation/vmware-server
2. configure /etc/xinetd.d/vmware-authd appropriate
3. try to connect with vmware-server-console




amd64 ~ # emerge --info
Portage 2.1.5_rc4 (default-linux/amd64/2006.1/desktop, gcc-4.1.1, glibc-2.7-r2, 2.6.22-gentoo-r8 x86_64)
=================================================================
System uname: 2.6.22-gentoo-r8 x86_64 AMD Sempron(tm) Processor 3300+
Timestamp of tree: Sat, 19 Apr 2008 01:45:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p33
dev-java/java-config: 1.3.7, 2.1.5
dev-lang/python:     2.3.6-r2, 2.4.4-r4, 2.5.2-r1
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.12
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.62
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.24
ACCEPT_KEYWORDS="amd64 ~amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -pipe -O2"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /opt/vmware/workstation/lib/modules/binary /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/lib/fax /usr/share/config /var/spool/fax/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=k8 -pipe -O2"
DISTDIR="/usr/portage/distfiles"
FEATURES="ccache distcc distlocks metadata-transfer parallel-fetch sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://pandemonium.tiscali.de/pub/gentoo/ ftp://ftp.gentoo.mesh-solutions.com/gentoo/ http://mirrors.64hosting.com/pub/mirrors/gentoo/"
LANG="de_DE@euro"
LC_ALL="de_DE@euro"
LDFLAGS=""
LINGUAS="de"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/gentoo-de /usr/local/overlays/gentoo-de /usr/local/portage /usr/local/overlays/my-gentoo /usr/local/overlays/pkalin"
SYNC="rsync://192.168.2.100/gentoo-portage"
USE="X acpi alsa amd amd64 apache2 arts berkdb bluetooth bzip2 cairo ccache cdr cli cracklib crypt cups dbus divx dri dvb dvd dvdr dvdread eds emboss encode esd fam fat firefox foomaticdb fortran gdbm gif gimp gkrellm gnuplot gpm gstreamer gtk gtk2 h323 hal iconv icq imagemagick imap iproute2 ipv6 isdnlog jabber java javascript jpeg kde latex lirc mad math mbox midi mikmod mp3 mp4live mpeg mpeg2 mpeg4 mplayer mplayer-bin msn mudflap mysql ncurses nls nptl nptlonly nsplugin nvidia obex octave ogg oggvorbis opengl openmp openssh openssl oss pam pcre pdf perl php plotutils png ppds pppd python qt3 qt4 quicktime rar rdesktop readline reflection reiserfs samba sdl session sftp spell spl ssl tcpd tiff truetype unicode usb vcd vdr visualization vorbis wma wma123 xcomposite xinerama xinetd xml xml2 xorg xv xvid xvmc zlib" ALSA_CARDS="via82xx" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="de" LIRC_DEVICES="devinput" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i810 mach64      mga neomagic nv r128 radeon rendition s3 s3virge savage siliconmotion sis    sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS



router17 ~ # cat /etc/xinetd.d/vmware-authd
# default: on
# description: The VMware remote access authentification daemon
service vmware-authd
{
    disable         = no
    port            = 902
    socket_type     = stream
    protocol        = tcp
    wait            = no
    user            = root
    server          = /opt/vmware/server/sbin/vmware-authd
    only_from       = 192.168.2.103
    type            = unlisted
}
Comment 1 Mike Auty (RETIRED) gentoo-dev 2008-04-26 17:15:57 UTC
Hi, sorry for the long delay.  Could you please post the contents of /etc/pam.d/vmware-authd?  This should include the 32-bit pam emulation libraries (/lib32/security/), if yours does not, please re-emerge vmware-server and check again.  If it still doesn't (or it then does but you encounter the same problem) then we'll have to investigate further.  Thanks...  5:)
Comment 2 phl0ri4n 2008-04-27 06:52:49 UTC
router17 ~ # cat /etc/pam.d/vmware-authd
#%PAM-1.0
auth       required         /lib32/security/pam_unix.so shadow nullok
account    required         /lib32/security/pam_listfile.so item=group sense=allow file=/etc/vmware/vmwaregroup onerr=fail
account    required         /lib32/security/pam_unix.so

in the syslog error message:
Apr 27 07:41:47 router17 xinetd[16149]: START: vmware-authd pid=16471 from=192.168.2.103
Apr 27 07:41:47 router17 vmware-authd[16471]: PAM unable to dlopen(/lib/security/pam_deny.so)
Apr 27 07:41:47 router17 vmware-authd[16471]: PAM [error: /lib/security/pam_deny.so: wrong ELF class: ELFCLASS64]
Apr 27 07:41:47 router17 vmware-authd[16471]: PAM adding faulty module: /lib/security/pam_deny.so
Apr 27 07:41:47 router17 vmware-authd[16471]: pam_listfile(vmware-authd:account): Refused user root for service vmware-authd
Apr 27 07:41:47 router17 xinetd[16149]: EXIT: vmware-authd status=1 pid=16471 duration=0(sec)

do i have to put root into vmware group?
Comment 3 Mike Auty (RETIRED) gentoo-dev 2008-04-27 07:27:11 UTC
Yes, even root need to be in the vmware group if they want to log into the console, so please see if that helps.

Your pam file points directly to the 32-bit versions of pam, yet vmware-server for some reason is still being handed the 64-bit libraries (although, only the denial library, suggesting it only occurs for failed logons) and being asked to deal with them.  I haven't a clue why that's happening, nor really how to fix, but if a member of the vmware group can log in successfully then it's not really a big deal.
Comment 4 phl0ri4n 2008-06-05 18:24:24 UTC
root in vmware group solves the login problem