I've built a simple, custom, PAM module and the module works as expected with pamtester and with some other pam testing code I found online.
I've also built a simple dotnet core application which uses pinvoke to authenticate against pam.
As mentioned, the custom module works with pamtester and the custom dotnet app works (up to the point of receiving the conv callback) against the default ubuntu 15.10 pam setup.
However, if I hook the custom app up to the custom PAM module, I get an error in auth.log to say
dotnet: PAM unable to dlopen(pam_permit_log_response.so): /lib/security/pam_permit_log_response.so: cannot open shared object file: No such file or directory ... so it doesn't find the module in the /lib/x86_64-linux-gnu/security when calling into pam from dotnet to the custom module
If I change the pam config file to include the full path to the module then I get the error
dotnet: PAM unable to dlopen(/lib/x86_64-linux- gnu/security/pam_permit_log_response.so): /lib/x86_64-linux- gnu/security/pam_permit_log_response.so: undefined symbol: pam_syslog So it seems like it's still failing to resolve things, this time it's the references in the custom pam module.
Could anyone point me in the right direction in terms of:
- Why PAM fails to find my custom module but can find the default ubuntu modules?
- Why that only happens when calling into pam from dotnet
- How I can build and/or configure my custom pam module to behave the same as the pre-existing system modules?
