Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2645: Centrify-enabled OpenSSH crashes while SSL is enabled in OpenLDAP

Authentication Service ,  

12 April,16 at 11:09 AM

Applies to: Centrify-enabled OpenSSH 5.9p1-4.5.3.557  on RedHat Enterprise Linux 4 update 8.
 
Problem:
 
OpenLDAP is configured with SSL enabled and Centrify DirectControl on the same Linux server. 
 
However a segfault error is reported while attempting an SSH connection:
 
Oct 17 16:16:44 server1 centrify-sshd: SSH Server Stopped succeeded
Oct 17 16:16:57 server1 sshd: succeeded
Oct 17 16:17:10 server1 sshd(pam_unix)[22781]: authentication failure;
logname= uid=0 euid=0 tty=ssh ruser= rhost=testmachine.abc.com user=ABC
Oct 17 16:17:12 server1 sshd(pam_unix)[22781]: session opened for user ABC
by (uid=0)
Oct 17 16:17:28 server1 sshd: sshd -TERM succeeded
Oct 17 16:17:33 server1 sshd[22975]: Server listening on :: port 22.
Oct 17 16:17:33 server1 sshd[22975]: Server listening on 0.0.0.0 port 22.
Oct 17 16:17:36 server1 sshd(pam_unix)[22781]: session closed for user ABC
Oct 17 16:18:31 server1 sshd(pam_unix)[22986]: authentication failure;
logname= uid=0 euid=0 tty=ssh ruser= rhost=testmachine.abc.com user=ABC
Oct 17 16:18:31 sdtstem01 kernel: sshd[22986]: segfault at 0000000000000020 rip
0000002a95ba8a0d rsp 0000007fbfffe0b0 error 4
 
Cause:
 
There is a compatibility issue with the system's libssl.
 
  
Workaround:
 
Preload Centrify's libssl before running the SSH daemon.
 
Please edit /etc/init.d/centrify-sshd and insert a line before line 94 (i.e. Before starting centrify-sshd):
 
export LD_PRELOAD=/usr/share/centrifydc/lib64/libssl.so
 
Save the file and then restart centrify-sshd:
 
/etc/init.d/centrify-sshd restart
 
 
Resolution:
 
There is a static link libssl in latter releases (Centrify-enabled OpenSSH 6.0p1)

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleKB-6044: How to configure users for automatic Kerberos Credentials for infinite renewal even after users have logged out? articleKB-6041: How to show current license type in use by adclient articleKB-6050: How to configure a group for automatic Kerberos Credentials for infinite renewal? articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? article[TIPS] A Centrify Server Suite Cheat Sheet articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-6056: How to report the group policy settings that are in effect for the local computer?