I'd like to reopen the discussion about possible dlopen anomalies when calling PAM from Java via JNI. I created a C testbed to call PAM and this works fine. I had to add -lpam and -ldl to the link line as expected but when I run nm on the testbed I see that the calls to pam are unresolved. I think this is good since PAM is a shared library and I don't want to statically link in the code. Now to the Java/JNI side of things. I basically call the same code as above only with a JNI wrapper to it. When I run it I get error 28, module is unknown. In the /var/log/messages file I see : java_ns: PAM unable to dlopen(/lib/security/pam_pwdb.so) java_ns: PAM [dlerror: /lib/security/pam_pwdb.so: undefined symbol: pam_get_item] java_ns: PAM adding faulty module: /lib/security/pam_pwdb.so I looked into the pam source and in pam_handlers.c I can see the code which is producing these error messages. I interpret these errors as; pam is trying to load a module (pam_pwdb.so) which fails due to an undefined symbol (pam_get_item). I know that pam_get_item is defined and is in the very same library as the code which is producing the error. This leads me to think that the code which dlopen'ed libpam.so did so without the RTLD_GLOBAL flag set. Coming back to the C testbed, I certainly didn't call dlopen for libpam.so so something else did it for me. When I run nm on the Java/JNI shared library which I also linked with -lpam and -ldl I see again that the calls to pam are unresolved. When I make the Java call to load the Java/JNI shared library this is only to load, in effect, the same code as the C testbed - which works. When this is in turn called it reports the fact via a printf so I know it is being loaded. So to my question; I've not written any code to load libpam.so so why does it fail when running under Java/JNI? There has been some discussion on the list that it's down to the Java loadLibrary call but I don't think this is the case. If the loadLibrary call doesn't set the RTLD_GLOBAL flag to dlopen then it just means that the particular library cannot be used for further symbol resolution. This is fine as there are no symbols to resolve other than the single point of entry. What I think is going wrong is the mechanism by which libpam.so is magically loaded. Are there external influences such as a controlling terminal to control how it gets loaded? Thanks for any help. Andy.
