on Jun 14, 2016Article Content
| Article Number | 000028076 |
| Applies To | Redhat 5 64 bit Apache prepackaged module 2.2.3 ($APACHEHOME=/etc/httpd) |
| Issue | SecurID agent 7.1 for Apache 2.2.X on RHEL 5 64 bit: unable to start apache after installing agent, "error while loading shared libraries: libaceclnt.so: cannot open shared object file: No such file or directory" After installing apache against the prepackaged rpm version of apache that comes with RHEL 5, (2.2.3), apache will not start and the following errors appear in the /etc/httpd/logs/error_log: Thu Jan 24 15:51:11 2013] [notice] caught SIGTERM, shutting down rpc_server 18165 started by 18154 AceShutdown try to kill process 18165 acestatus: error while loading shared libraries: libaceclnt.so: cannot open shared object file: No such file or directory rpc_server 20358 started by 20348 RSALogoffCookieService: error while loading shared libraries: libaceclnt.so: cannot open shared object file: No such file or directory [Thu Jan 24 15:51:20 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) start child 20359 |
| Cause | Prepackaged RPMs have historically been known to cause certain incompatibilities with the Securid agent. The agent was qualified with apache when compiled from source, not with the prepackaged modules that come with the RHEL 5 operating system. Reference: http://www.emc.com/security/rsa-securid/rsa-authentication-agents/apache-7-1.htm "Apache versions mentioned here refer to distributions available on www.apache.org. Prepackaged Apache modules available from other sources or vendors can result in incorrect behavior or missing functionality in the RSA agent.: In this particular use case, the $APACHEHOME is /etc/httpd, therefore when installing the agent, the agent will install to /etc/httpd/rsawebagent. The RSA web agent expects to find the lib and bin directories (and their contents) a subordinate to $APACHEHOME, i.e. /etc/httpd/lib and /etc/httpd/bin respectively. In the use case of the precompiled rpm from RHEL, it is not. The httpd executable for the rpm version from Red Hat is /usr/sbin, not /usr/local/apache (if --prefix=/usr/local/apache was used when apache was compiled from source), and when looking at an ldd /usr/sbin/httpd, it will search /lib64 and /usr/lib64, thusly be unable to locate or execute calls to libaceclnt.so. |
| Resolution | To insure 100% compatibility, regardless of RSA apache agent version, apache needs be compiled from source for 100% compatibility., The agent should then be applied to the compiled from source instance of apache. The agent was not qualified on apache 2.2.3, and there are known issues by using the prepackaged version (for example, new pin mode may not work, throwing a 103 error when the prepackaged version vs compiling from source is used) In instances where you must use the apache rpm that is bundled with redhad, the following workaround may be used, noting that there may be other issues as the agent was not qualified with the 2.2.3 rpm version from Red Hat after the agent is installed: Execute these commands as root: Create a symbolic link to the libaceclnt.so in the /lib64 directory: cd /lib64 ln -s /etc/httpd/rsawebagent/libaceclnt.so libaceclnt.so To view the link: ls -al libaceclnt.so lrwxrwxrwx 1 root root 36 Jan 24 15:52 libaceclnt.so - /etc/httpd/rsawebagent/libaceclnt.so See: a51558 |
| Legacy Article ID | a60577 |