Bug #2407

openpam won't look for pkgsrc pam module path

Added by srussell over 2 years ago. Updated 3 months ago.

Status:FeedbackStart date:08/18/2012
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Userland
Target version:3.9.x

Description

When I try to load pam modules that where installed from pkgsrc, they're installed in /usr/pkg/lib/security, which is not included in the openpam's search paths defined at compile time. I'm getting this error:

Aug 18 12:45:38 yyy login: in openpam_dynamic(): No such file or directory
Aug 18 12:45:38 yyy login: in openpam_load_module(): no pam_xxx.so found
Aug 18 12:45:38 yyy login: pam_start(): system error

The complete path is not specified in the default pam.d service files that comes with DragonFly.

History

#1 Updated by swildner over 2 years ago

  • Priority changed from Low to Normal

Can you describe a bit what you are doing?

How are you loading them? Does it work if you pass an absolute path to openpam_load_module()?

Which are the pkgsrc packages that have the modules?

Regards,
Sascha

#2 Updated by swildner over 2 years ago

After re-reading your report, I assume you are passing the module name somewhere in /etc/pam.d.

Does it work if you specify an absolute path to the module(s) in pkgsrc there?

#3 Updated by srussell over 2 years ago

I'm not sure about your last question. I'm adding the pam-krb5 package alone, to use with login, xdm and the like. So the problem is not with any specific package. Theses clients are not aware of the existence of pam-krb5 itself. For what I understand, all path specifications can only be done in /etc/pam.d.

The default pam configuration files in DragonFly and pkgsrc are specifying pam_krb5.so without the path. pkgsrc seems to take for granted that /usr/pkg/lib/security is in the libpam search path. To fix this, I added the complete path with all pam_krb5.so modules with success.

I noticed that the build of libpam is made with this flag: -DOPENPAM_MODULES_DIR='"/usr/lib/security/"'

This flag is defined here:
lib/libpam/Makefile:MODULE_DIR= ${LIBDIR}/security
lib/libpam/Makefile:CFLAGS+= -DOPENPAM_MODULES_DIR='"${MODULE_DIR}/"'

This parameter is hardcoded and for what I see, there is no way to add dynamically other search paths.

#4 Updated by swildner over 2 years ago

On Sun, 02 Sep 2012 15:30:27 +0200, Stephane Russell via Redmine
<> wrote:

> The default pam configuration files in DragonFly and pkgsrc are
> specifying pam_krb5.so without the path. pkgsrc seems to take for
> granted that /usr/pkg/lib/security is in the libpam search path. To fix
> this, I added the complete path with all pam_krb5.so modules with
> success.
>
> I noticed that the build of libpam is made with this flag:
> -DOPENPAM_MODULES_DIR='"/usr/lib/security/"'
>
> This flag is defined here:
> lib/libpam/Makefile:MODULE_DIR= ${LIBDIR}/security
> lib/libpam/Makefile:CFLAGS+= -DOPENPAM_MODULES_DIR='"${MODULE_DIR}/"'
>
> This parameter is hardcoded and for what I see, there is no way to add
> dynamically other search paths.

Yeah this is what I meant, it is just one dir and not a list. The only way
to override it (from looking at openpam_dynamic.c) seems to be an absolute
path:

[...]
/* Prepend the standard prefix if not an absolute pathname. */
if (path[0] != '/')
prefix = OPENPAM_MODULES_DIR;
else
prefix = "";
[...]

Sascha

#5 Updated by tuxillo 7 months ago

  • Description updated (diff)
  • Category set to Userland
  • Status changed from New to Feedback
  • Target version set to 3.9.x

Hi,

I might not be entirely but I think we needed dynamic binaries in /bin and /sbin for PAM to work correctly on DragonFly BSD.
It was recently done so I was wondering if one could have a working PAM setup in 3.8 RELEASE or latest master.

Can you please retry it?

Best regards,
Antonio Huete

#6 Updated by srussell 7 months ago

I'll have to install 3.8 before trying it. I'll get back with this in the next weeks. Thanks.

#7 Updated by srussell 3 months ago

I finally had time to upgrade my station to DF 3.8.2. PAM's behavior didn't change compared to DF 3.6.

PAM is working fine only when so modules installed or symlinked in /usr/lib/security, or referred from their complete path (ex: /usr/local/lib/pam_krb5.so). This is because the directory is hard linked in BSDs.

Regards,

SR

tuxillo wrote:
> Hi,
>
> I might not be entirely but I think we needed dynamic binaries in /bin and /sbin for PAM to work correctly on DragonFly BSD.
> It was recently done so I was wondering if one could have a working PAM setup in 3.8 RELEASE or latest master.
>
> Can you please retry it?
>
> Best regards,
> Antonio Huete

Also available in: Atom PDF