09-04-2012 04:09 PM
I have an old HP-UX 11.23 box I am supporting, and recently had to upgrade the openssl to fix several OpenSSL vulnerabilities. After updating I am getting weird errors in the syslog everytime someone logs in:
error: PAM: pam_open_session(): Can not make/remove entry for session
It does not appear to prevent the sessions or cause problems. The versions of the software I have installed:
# swlist | grep -i ssl
OpenSSL A.00.09.08w.002 Secure Network Communications Protocol
openssl 0.9.8k openssl
Solved! Go to Solution.
09-11-2012 06:10 AM
Have a look at your /etc/pam.conf, you could be missing an entry for session management... if there are no "sshd" entries, then ssh will use "other" for auth, account, session and password management when using pam.
If you aren't sure what to look for in your pam.conf, post it here or at the very least post the output from:
grep -i -E 'sshd|other' /etc/pam.conf
You could also review the /usr/newconfig/etc/pam.conf file paying close attention to any 'sshd' or 'other' entries and comparing those to your /etc/pam.conf file.
Was anything else updated at the time you updated openssl? Maybe SecureShell?
05-28-2013 09:56 AM
I ended up waiting until the next release of OpenSSL was available and installed "A.00.09.08y.002" on the affected server. I also removed the 0.9.8k version, as that appears to be an old version. After updating/removing depots, the errors being generated stopped appearing in syslog.log.
I went back and did an md5 on the old openssl package and it appers to be a corrupt download.