Oula la! --On Thursday, September 19, 2002 5:55 AM -0700 Admin-Stress <[EMAIL PROTECTED]> wrote:
> After I upgraded to openssl-0.9.6g (also openssl-engine) on my RedHat > 7.3, I got several problem. > > (1) qmail-pop3d can not authenticate my username and password > > (2) openssh (sshd) 3.4p1 also can not authenticate my username and > password, not root account > > Do I need to recompile ALL applications? No... > I tried with openssh, I removed ssh* in /usr/local/etc/ /usr/local/sbin > /usr/local/bin, recompiled, make install again. But still, the problem > exist. > > Then I read a workaround that I must build openssh --with-pam, and I did > that. It's work! > > But why? Why do I need to use 'pam' after upgrading? Should I recompile > all applications with 'pam' ? Just means that OpenSSH checks logins with the 'pam' (pluggable authentication modules) mechanism. This is the default on RH. Compiling OpenSSH --with-pam affects NOTHING else than the resulting OpenSSH. > This will be problem if my application does not support 'pam'. No. Then your application will read /etc/password directly or whatever. > 'checkpassword' for qmail-pop3d does not support pam, if I am not > mistaken. Possibly not. But the correct phrasing is 'does not use pam'. > Or maybe my upgrade process was wrong? (see below) > > Please help me. > Any additional error messages? Log file data? > Thanks, > kapot > > I followed this when upgraded my openssl : > > Upgrading OPENSSL on RedHat 7.3 (Simple Guide) > ============================================== > > * Download latest openssl AND openssl-engine from : > > http://www.openssl/org -OR- > http://openssl.planetmirror.com > > * Copy all *.tar.gz to /tmp > > * Building openssl-0.9.6g > > cd /tmp > tar -zxvf openssl-0.9.6g.tar.gz > cd openssl-0.9.6g.tar.gz > ./config shared > make > make test > make install > > * Building openssl-engine.0.9.6g > > cd /tmp > tar -zxvf openssl-engine-0.9.6g.tar.gz > cd openssl-engine-0.9.6g.tar.gz > ./config shared > make > make test > make install > > * Remove old openssl rpm > > rpm --erase --nodeps openssl > > * Link new files > > cd /usr/lib > rm libcrypto.so > rm libcrypto.so.1 > rm libcrypto.so.2 > rm libssl.so > rm libssl.so.1 > rm libssl.so.2 > ln -s /usr/local/ssl/lib/libcrypto.so libcrypto.so > ln -s /usr/local/ssl/lib/libcrypto.so libcrypto.so.1 > ln -s /usr/local/ssl/lib/libcrypto.so libcrypto.so.2 > ln -s /usr/local/ssl/lib/libssl.so libssl.so > ln -s /usr/local/ssl/lib/libssl.so libssl.so.1 > ln -s /usr/local/ssl/lib/libssl.so libssl.so.2 > > ln -s /usr/local/ssl/include/ /usr/include/ssl > > cd /usr/include > rm -rf openssl > ln -s /usr/local/ssl/include/openssl openssl > > * Rerun ldconfig > > cd /etc > rm ld.so.cache > > vi ld.so.conf > > - add /usr/local/ssl/lib > - add /usr/local/lib <-- optional > > ldconfig > > * Done > > Thanks to "David Tonhofer, m-plify S.A." <[EMAIL PROTECTED]> > > > __________________________________________________ > Do you Yahoo!? > New DSL Internet Access from SBC & Yahoo! > http://sbc.yahoo.com > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
