我正在使用 Ubuntu 16.04.5 LTS。我尝试读取日志文件以查找错误。最有趣的是以下内容:
cat /var/log/auth.log | egrep "unable|faulty"
Nov 25 13:25:13 localhost su[4491]: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory
Nov 25 13:25:13 localhost su[4491]: PAM adding faulty module: pam_winbind.so
Nov 25 13:25:13 localhost systemd: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory
Nov 25 13:25:13 localhost systemd: PAM adding faulty module: pam_winbind.so
Nov 25 13:29:21 localhost smbd: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory
Nov 25 13:29:21 localhost smbd: PAM adding faulty module: pam_winbind.so
Nov 25 13:39:01 localhost CRON[5247]: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory
...
Nov 26 23:53:53 localhost lightdm: PAM adding faulty module: pam_kwallet.so
Nov 26 23:53:53 localhost lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory
Nov 26 23:53:53 localhost lightdm: PAM adding faulty module: pam_kwallet5.so
Nov 26 23:53:53 localhost lightdm: PAM unable to dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory
...
系统完整性正确 -debsums --config --changed没有报告/etc/pam.d目录的任何变化。
未安装库文件:
$ dpkg -S pam_winbind.so
dpkg-query: no path found matching pattern *pam_winbind.so*
$ dpkg -S pam_kwallet.so
dpkg-query: no path found matching pattern *pam_kwallet.so*
$ dpkg -S pam_kwallet5.so
dpkg-query: no path found matching pattern *pam_kwallet5.so*
为什么这些消息会出现在 中/var/log/auth.log?我应该修复它们吗?
答案1
可以通过安装相应的软件包来删除这些警告:
sudo apt-get install libpam-kwallet4 libpam-kwallet5 libpam-winbind
但我得到了有趣的结果 - 我的用户仅被列出在其组中。
通过删除两个 kwallet 包解决了这个问题:
sudo apt-get purge libpam-kwallet4 libpam-kwallet5
上述 KWallet 问题在 LaunchPad 上被称为错误 1781418。
因此删除这些警告是个坏主意。我肯定会删除 PAM winbind:
sudo apt-get purge libpam-winbind
答案2
我只是想说一下,我遇到了一个类似的错误,与另一个淹没我的 journald 的包有关
$ journalctl -xe
Hint: You are currently not seeing messages from other users and the system.
Users in groups 'adm', 'systemd-journal' can see all messages.
Pass -q to turn off this notice.
Dec 13 21:35:31 uminefi01 sudo[168527]: pam_unix(sudo:session): session closed >
Dec 13 21:35:40 uminefi01 sudo[168564]: PAM unable to dlopen(pam_zfs_key.so): />
Dec 13 21:35:40 uminefi01 sudo[168564]: PAM adding faulty module: pam_zfs_key.so
Dec 13 21:35:40 uminefi01 sudo[168564]: avery : TTY=pts/0 ; PWD=/home/avery/>
Dec 13 21:35:40 uminefi01 sudo[168564]: pam_unix(sudo:session): session opened >
Dec 13 21:35:40 uminefi01 sudo[168564]: pam_unix(sudo:session): session closed >
Dec 13 21:35:51 uminefi01 sudo[168599]: PAM unable to dlopen(pam_zfs_key.so): />
Dec 13 21:35:51 uminefi01 sudo[168599]: PAM adding faulty module: pam_zfs_key.so
... 等等 ...
找到它apt-file,显然它只是没有安装
$ sudo dpkg -S pam_zfs_key.so
dpkg-query: no path found matching pattern *pam_zfs_key.so*
$ apt-file search pam_zfs_key.so
libpam-zfs: /lib/x86_64-linux-gnu/security/pam_zfs_key.so
$ sudo apt install -y libpam-zfs
现在我可以再次使用 journald 来调试实际问题