AIX

AIX

Connect with fellow AIX users and experts to gain knowledge, share insights, and solve problems.

 View Only
  • 1.  sshd: PAM: load_modules: can not open module /usr/lib/security/pam_radius_auth.so

    Posted Fri June 13, 2025 12:32 PM

    sshd: PAM: load_modules: can not open module /usr/lib/security/pam_radius_auth.so



    ------------------------------
    SIRISHA BEZAWADA
    ------------------------------


  • 2.  RE: sshd: PAM: load_modules: can not open module /usr/lib/security/pam_radius_auth.so

    Posted Mon June 16, 2025 01:35 PM

    Hi Sirisha, any more context on what you're trying to do, what product is responsible for this module, etc?



    ------------------------------
    Hrithik Govardhan
    Senior Engineer
    Rocket Software
    MN
    ------------------------------



  • 3.  RE: sshd: PAM: load_modules: can not open module /usr/lib/security/pam_radius_auth.so

    Posted Tue June 17, 2025 07:43 AM
    Hello Hrithik,

    Its related MFA configuration using radius server.

    We suspect some library files missed, could you please share steps how install yum or dnf in AIX server.
    Its a AIX 7.2 TL5 SP8 server

    Thanks & Regards,
    Sirisha.





  • 4.  RE: sshd: PAM: load_modules: can not open module /usr/lib/security/pam_radius_auth.so

    Posted Fri June 20, 2025 04:29 AM

    Hi Sirisha,

    please execute the following command and paste the output:

    ldd /usr/lib/security/pam_radius_auth.so


    ------------------------------
    Andrey Klyachkin

    https://www.power-devops.com
    ------------------------------



  • 5.  RE: sshd: PAM: load_modules: can not open module /usr/lib/security/pam_radius_auth.so

    Posted Wed June 18, 2025 01:02 PM

    hi Hrithik,

    could you please see my query and share your response.



    ------------------------------
    SIRISHA BEZAWADA
    ------------------------------



  • 6.  RE: sshd: PAM: load_modules: can not open module /usr/lib/security/pam_radius_auth.so

    Posted Thu June 19, 2025 01:54 AM

    Hi Sirisha-  Unfortunately, I would need more details on the client side application you are trying to install - this module is not part of the PowerSC MFA installer - is this another product that you are testing?



    ------------------------------
    Hrithik Govardhan
    Senior Engineer
    Rocket Software
    MN
    ------------------------------



  • 7.  RE: sshd: PAM: load_modules: can not open module /usr/lib/security/pam_radius_auth.so

    Posted Thu June 19, 2025 07:30 AM
    Hi Hrithik,

    Its related to MFA authentication using free-radius configuration.

    bash-4.2# pwd
    /tmp/FreeRadius
    bash-4.2# ls -ltr
    total 504
    -rw-r--r--    1 root     system       188654 Jun 12 15:48 freeradius-pam-2.0.0-1.src.rpm
    -rw-r--r--    1 root     system        64052 Jun 12 16:12 freeradius-pam-2.0.0-1.aix7.1.ppc.rpm
    bash-4.2# rpm -ivh freeradius-pam-2.0.0-1.aix7.1.ppc.rpm
    bash-4.2# ls -ltr /usr/lib/security/pam_radius_auth.so
    -rwxr-xr-x    1 root     system       133483 Mar 25 2022  /usr/lib/security/pam_radius_auth.so
    bash-4.2#
    Configuring pam
    On the client Node, to configure the client to authenticate with the pam server the corresponding server node details have to be provided in the below file in the required format.
    bash-4.2# cat /etc/raddb/server
    10.210.128.14:1645  Unix-BigDog12!      60
    10.209.211.22:1645  Unix-BigDog12!      60
    172.23.36.4:1645    Unix-BigDog12!      60
    bash-4.2#
     
    # /etc/pam.conf  "Added these new lines"
    bash-4.2# tail -5f /etc/pam.conf
    sshd auth sufficient /usr/lib/security/pam_radius_auth.so
    sshd account required /usr/lib/security/pam_aix
    sshd password required /usr/lib/security/pam_aix
    sshd session required /usr/lib/security/pam_aix
    bash-4.2#
     
    # /etc/security/login.cfg   "Changed the type of auth_type from STD_AUTH to PAM_AUTH"
    bash-4.2# tail -8f /etc/security/login.cfg
    usw:
            shells = /bin/sh,/bin/bsh,/bin/csh,/bin/ksh,/bin/tsh,/bin/ksh93,/usr/bin/sh,/usr/bin/bsh,/usr/bin/csh,/usr/bin/ksh,/usr/bin/tsh,/usr/bin/ksh93,/usr/bin/rksh,/usr/bin/rksh93,/usr/sbin/uucp/uucico,/usr/sbin/sliplogin,/usr/sbin/snappd
            maxlogins = 32767
            logintimeout = 60
            maxroles = 8
            auth_type = PAM_AUTH
            pwd_algorithm = ssha256
    bash-4.2#
     
    # /etc/ssh/sshd_config    "Changed the below attributes"
     
    PasswordAuthentication no
    PermitEmptyPasswords no
    UsePrivilegeSeparation no
    ChallengeResponseAuthentication yes
    UsePAM yes
     
    Once the above changes are made, restarted the sshd service.
    stopsrc -s sshd
    startsrc -s sshd
    Note: We have followed same process another servers also and it is working fine, but facing in in this server only.


    Thanks & Regards,
    Sirisha.





  • 8.  RE: sshd: PAM: load_modules: can not open module /usr/lib/security/pam_radius_auth.so

    Posted 21 days ago
    Hello Hrithik,

    AIX MFA set up is working with free-radius method.

    Any idea how to exclude user ids from MFA authentication. SSH should work for application id logins and MFA authentication should enable for OS level users.

    Please assist on this matter

    Thanks & Regards,
    Sirisha.





  • 9.  RE: sshd: PAM: load_modules: can not open module /usr/lib/security/pam_radius_auth.so

    Posted 20 days ago

    Hi Sirisha- you will need to work with the individual PAM modules in play in order to achieve user bifurcation. The MFA PAM modules support an allow list - users in this list will not be subject to any MFA processing. I am not able to comment on the freeradius module as I have not worked with it. Best-



    ------------------------------
    Hrithik Govardhan
    Senior Engineer
    Rocket Software
    MN
    ------------------------------