/var/log/secure gets slammed with these errors every time anyone tries to connect to any service which requires authorization:

Deprecated pam_stack module called from service
     [servicename]
pam_env([servicename]:setcred):
     Unable to open env file: /etc/environment

The fix has been elusive, as Ensim continues to re-write the pam.d files, but running this script will take care of both issues posthaste.

Save this as /usr/local/sbin/fix_pam:

#!/bin/sh

# -----------------------------------------------------------------------------
#
# fix_pam ver 1.0a
#
# (c) Copyright 2007 Mark Steel / Catalyst IT. All rights reserved.
#
# This script may only be distributed unmodified.
#
# This script is intended to be used to fix the "depracated pam stack module"
# errors on servers and virtual hosts.
#
# NOTE: THIS SCRIPT IS NOT GPL
#
# -----------------------------------------------------------------------------

perl -i -p -e 's/required(.*)pam_stack.so service=system-auth/include\tsystem-auth/' /etc/pam.d/*
perl -i -p -e 's/pam_pwdb/pam_unix/' /etc/pam.d/*
perl -i -p -e 's/pam_env.so$/pam_env.so readenv=0/' /etc/pam.d/system-auth

perl -i -p -e 's/pam_env.so$/pam_env.so readenv=0/' /home/virtual/FILESYSTEMTEMPLATE/siteinfo/etc/pam.d/system-auth
VIRTUAL=`find /home/virtual/FILESYSTEMTEMPLATE -name pam.d`
for i in $VIRTUAL; do
perl -i -p -e 's/required(.*)pam_stack.so service=system-auth/include\tsystem-auth/' $i/*
perl -i -p -e 's/pam_pwdb/pam_unix/' $i/*
done

DOMAINS=`sitelookup -a site_root`
for i in $DOMAINS; do
perl -i -p -e 's/required(.*)pam_stack.so service=system-auth/include\tsystem-auth/' $i/etc/pam.d/*
perl -i -p -e 's/pam_pwdb/pam_unix/' $i/etc/pam.d/*
perl -i -p -e 's/pam_env.so$/pam_env.so readenv=0/' $i/etc/pam.d/system-auth
done

service saslauthd restart

Run once, and you’re golden.

Leave a Reply