After upgrading to =sys-auth/pambase-20201028.1, any PAM-based service started to log these warnings: Oct 30 17:14:12 album sshd[22513]: PAM unable to resolve symbol: pam_sm_open_session Oct 30 17:14:12 album sshd[22513]: PAM unable to resolve symbol: pam_sm_close_session That's because =sys-auth/pambase-20201028.1 changed pam_cap.so modul in /etc/pam.d/system-auth configuration file from auth section to session section: -session optional pam_cap.so pam_cap.so module provided by =sys-libs/libcap-2.43 is designed for the auth section. Not for the session section. You can see that there is no pam_sm_open_session symbol provided by the shared object: $ nm -D /lib64/security/pam_cap.so | grep pam_ U pam_get_item U pam_get_user 0000000000001740 T pam_sm_authenticate 0000000000001838 T pam_sm_setcred and thus PAM library logs the warning. Please update sys-auth/pambase to use pam_cap correctly.
Relevant entry was "auth optional pam_cap.so" in <sys-auth/pambase-20200804 as described in bug #750524...
Happening here too; with sys-auth/pambase-20201028.1, various things (dovecot, su) produce: PAM unable to resolve symbol: pam_sm_open_session PAM unable to resolve symbol: pam_sm_close_session Rolling back to the only other pambase in the tree, sys-auth/pambase-20201013 fixed the warnings for me. Related, maybe dupes/regressions: https://bugs.gentoo.org/752027 https://bugs.gentoo.org/750524
*** Bug 752027 has been marked as a duplicate of this bug. ***
*** Bug 752369 has been marked as a duplicate of this bug. ***
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/pambase.git/commit/?id=daeb59effa26ace52bf699229a1bc22afe8808fd commit daeb59effa26ace52bf699229a1bc22afe8808fd Author: Sam James <sam@gentoo.org> AuthorDate: 2020-11-02 23:38:12 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-11-02 23:39:38 +0000 templates/system-auth.tpl: fix pam_cap realm This fixes the pam_cap realm which can only be auth. This is a regression from old pre-rewrite pambase. It was however exposed by the fixing of an incorrect module name (pam_libcap -> pam_cap) not long ago. Bug: https://bugs.gentoo.org/751946 Signed-off-by: Sam James <sam@gentoo.org> templates/system-auth.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=551c5c2257a3f47e3548e7132cf9fe937f2eb342 commit 551c5c2257a3f47e3548e7132cf9fe937f2eb342 Author: Sam James <sam@gentoo.org> AuthorDate: 2020-11-02 23:46:03 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-11-03 07:23:09 +0000 sys-auth/pambase: bump to 20201103 Bug: https://bugs.gentoo.org/751946 Package-Manager: Portage-3.0.8, Repoman-3.0.2 Signed-off-by: Sam James <sam@gentoo.org> sys-auth/pambase/Manifest | 1 + sys-auth/pambase/pambase-20201103.ebuild | 100 +++++++++++++++++++++++++++++++ 2 files changed, 101 insertions(+)