Issue with pam_privacyidea.so module and libcurl dependency

mcneale · April 22, 2024, 9:10pm

Hello,

I am trying to set up the pam_privacyidea.so module on an Ubuntu 20.04.6 LTS server to integrate privacyIDEA as a second-factor authentication for SSH login, after authenticating with OpenLDAP as the first factor.

I have compiled the pam_privacyidea.so module from the source code provided in the privacyIDEA repository, following the instructions in the README. However, when attempting to use the compiled module, I’m encountering the following error in the /var/log/auth.log:

Apr 22 18:44:52 privacyidea sshd[553733]: PAM unable to dlopen(/lib64/security/pam_privacyidea.so): /lib64/security/pam_privacyidea.so: undefined symbol: curl_easy_perform
Apr 22 18:44:52 privacyidea sshd[553733]: PAM adding faulty module: /lib64/security/pam_privacyidea.so

I have tried various approaches to resolve this issue, including:

Updating the Makefile to include the required libcurl dependencies and library paths.
Ensuring that the libcurl development package (libcurl4-openssl-dev) is installed on the system.
Checking for conflicting libcurl versions and updating the library search paths in /etc/ld.so.conf.

Despite these efforts, the pam_privacyidea.so module still fails to load due to the missing curl_easy_perform symbol from the libcurl library.

I have followed the privacyIDEA documentation and configured the /etc/pam.d/sshd file to include the privacyidea-auth file, which references the pam_privacyidea.so module.

Could someone from the privacyIDEA community please assist me in resolving this issue? Any help or guidance would be greatly appreciated.

Thank you in advance.

nilsbehlen · April 23, 2024, 9:49am

How did you compile? Have you tried the binary that is downloadable from github?

mcneale · April 23, 2024, 2:39pm

Thanks for the response. I used g++ to compile the code within this repository, GitHub - privacyidea/privacyidea-pam: Module for Linux PAM stack to authenticate users against privacyIDEA

Is there another repository with the binary?

nilsbehlen · April 24, 2024, 7:09am

did you add -lcurl as linker option, like described in the readme?
The download is in the same repo:

Qintiy · May 30, 2024, 12:26pm

@mcneale did you solve the issue cuz I have same problem?

plettich · May 31, 2024, 2:00pm

It looks like the GNU linker needs a specific order of parameters. Please put the $(LDFLAGS) at the end of the command here:

github.com

privacyidea/privacyidea-pam/blob/24b903ea8fc9a93ef5fe164cca5eb52fdf8b04a8/Makefile#L23


      
          objects = src/pam_privacyidea.o src/privacyidea.o
          
          all: pam_privacyidea.so
          
          $(objects): src/%.o: src/%.cpp
          
          %.o:
          	$(CC) -c $(CFLAGS) $< -o $@
          
          $(target): $(objects)
          	$(CC) $(LDFLAGS) -o $@ $^
          
          clean:
          	rm -f src/*.o $(target)
          
          install: all
          	strip --strip-unneeded $(target)
          	cp $(target) $(libdir)/$(target)
          
          uninstall:
          	rm $(libdir)/$(target)

Before running make install You can check if the linking is correct with:

$ ldd -r pam_privacyidea.so

You should get a bunch of library paths and no undefined symbol: message.

Qintiy · May 31, 2024, 4:18pm

I do get some undefined symbols with the your released pam (Release v1.0.0 · privacyidea/privacyidea-pam · GitHub)

I tried everything I could think of and googled and nothing helps still get same undefined symbols. Looked in pam and ask in pam and they sad that is the privacyidea_pam problem and when I ask here in privacyidea they say is pam or os problem and couldn’t find and solutions.

plettich · June 3, 2024, 9:11am

Please try building the module with the $(LDFLAGS) put at the end of the command in the Makefile as described in the above post.

Qintiy · June 3, 2024, 10:54am

it works now, thanks.