Before creating a ticket, please consider if this should fit the discussion forum better.
Environment
ejabberd version: ejabberd-23.10-1.x86_64
Erlang version: Erlang (SMP,ASYNC_THREADS) (BEAM) emulator version 13.2.2.5
OS: Linux (Fedora 38)
Installed from: official deb/rpm
Configuration (only if needed): grep -Ev '^$|^\s*#' ejabberd.yml
loglevel: 4
...
Errors from error.log/crash.log
No errors
Bug description
I am trying to migrate from our old jabberd2 (PAM integrated) server to ejabberd. I got it installed and running with a local account, and then "flipped" it to PAM via adding the following lines to ejabberd.yml
auth_method:
pam
pam_service: ejabberd
Restarted, and tried logging in with local user "user1@domain.name". (ie the Linux username is "user1"). Failed login generated the following in ejabber.log
2024-01-03 18:46:59.815927+13:00 [warning] <0.739.0>@ejabberd_c2s:process_auth_result/3:280 (tls|<0.739.0>) Failed c2s PLAIN authentication for user1@domain.name from 1.2.3.4: Invalid username or password
..and the following PAM errors via syslog
Jan 3 18:39:22 domain.name epam[45099]: PAM unable to dlopen(/home/runner/build/ejabberd/x86_64-linux-gnu/lib/security/pam_deny.so): /home/runner/build/ejabberd/x86_64-linux-gnu/lib/security/pam_deny.so: cannot open shared object file: No such file or directory
Jan 3 18:39:22 domain.name epam[45099]: PAM adding faulty module: /home/runner/build/ejabberd/x86_64-linux-gnu/lib/security/pam_deny.so
So it looks like the ejabber binary in the repo is hard-linked to use some dev-installed version of PAM rather than the OSes version? e.g. pam_deny.so is /usr/lib64/security/pam_deny.so under Fedora. I added a /etc/pam.d/ejabberd file and tried again - didn't make a difference.
Before creating a ticket, please consider if this should fit the discussion forum better.
Environment
Configuration (only if needed): grep -Ev '^$|^\s*#' ejabberd.yml
Errors from error.log/crash.log
No errors
Bug description
I am trying to migrate from our old jabberd2 (PAM integrated) server to ejabberd. I got it installed and running with a local account, and then "flipped" it to PAM via adding the following lines to ejabberd.yml
auth_method:
Restarted, and tried logging in with local user "user1@domain.name". (ie the Linux username is "user1"). Failed login generated the following in ejabber.log
2024-01-03 18:46:59.815927+13:00 [warning] <0.739.0>@ejabberd_c2s:process_auth_result/3:280 (tls|<0.739.0>) Failed c2s PLAIN authentication for user1@domain.name from 1.2.3.4: Invalid username or password
..and the following PAM errors via syslog
Jan 3 18:39:22 domain.name epam[45099]: PAM unable to dlopen(/home/runner/build/ejabberd/x86_64-linux-gnu/lib/security/pam_deny.so): /home/runner/build/ejabberd/x86_64-linux-gnu/lib/security/pam_deny.so: cannot open shared object file: No such file or directory Jan 3 18:39:22 domain.name epam[45099]: PAM adding faulty module: /home/runner/build/ejabberd/x86_64-linux-gnu/lib/security/pam_deny.so
So it looks like the ejabber binary in the repo is hard-linked to use some dev-installed version of PAM rather than the OSes version? e.g. pam_deny.so is /usr/lib64/security/pam_deny.so under Fedora. I added a /etc/pam.d/ejabberd file and tried again - didn't make a difference.