Bug #2407
openpam won't look for pkgsrc pam module path
0%
Description
When I try to load pam modules that where installed from pkgsrc, they're installed in /usr/pkg/lib/security, which is not included in the openpam's search paths defined at compile time. I'm getting this error:
Aug 18 12:45:38 yyy login: in openpam_dynamic(): No such file or directory
Aug 18 12:45:38 yyy login: in openpam_load_module(): no pam_xxx.so found
Aug 18 12:45:38 yyy login: pam_start(): system error
The complete path is not specified in the default pam.d service files that comes with DragonFly.
History
Updated by swildner over 8 years ago
- Priority changed from Low to Normal
Can you describe a bit what you are doing?
How are you loading them? Does it work if you pass an absolute path to openpam_load_module()?
Which are the pkgsrc packages that have the modules?
Regards,
Sascha
Updated by swildner over 8 years ago
After re-reading your report, I assume you are passing the module name somewhere in /etc/pam.d.
Does it work if you specify an absolute path to the module(s) in pkgsrc there?
Updated by srussell over 8 years ago
I'm not sure about your last question. I'm adding the pam-krb5 package alone, to use with login, xdm and the like. So the problem is not with any specific package. Theses clients are not aware of the existence of pam-krb5 itself. For what I understand, all path specifications can only be done in /etc/pam.d.
The default pam configuration files in DragonFly and pkgsrc are specifying pam_krb5.so without the path. pkgsrc seems to take for granted that /usr/pkg/lib/security is in the libpam search path. To fix this, I added the complete path with all pam_krb5.so modules with success.
I noticed that the build of libpam is made with this flag: -DOPENPAM_MODULES_DIR='"/usr/lib/security/"'
This flag is defined here:
lib/libpam/Makefile:MODULE_DIR= ${LIBDIR}/security
lib/libpam/Makefile:CFLAGS+= -DOPENPAM_MODULES_DIR='"${MODULE_DIR}/"'
This parameter is hardcoded and for what I see, there is no way to add dynamically other search paths.
Updated by swildner over 8 years ago
On Sun, 02 Sep 2012 15:30:27 +0200, Stephane Russell via Redmine
<bugtracker-admin@leaf.dragonflybsd.org> wrote:
> The default pam configuration files in DragonFly and pkgsrc are
> specifying pam_krb5.so without the path. pkgsrc seems to take for
> granted that /usr/pkg/lib/security is in the libpam search path. To fix
> this, I added the complete path with all pam_krb5.so modules with
> success.
>
> I noticed that the build of libpam is made with this flag:
> -DOPENPAM_MODULES_DIR='"/usr/lib/security/"'
>
> This flag is defined here:
> lib/libpam/Makefile:MODULE_DIR= ${LIBDIR}/security
> lib/libpam/Makefile:CFLAGS+= -DOPENPAM_MODULES_DIR='"${MODULE_DIR}/"'
>
> This parameter is hardcoded and for what I see, there is no way to add
> dynamically other search paths.
Yeah this is what I meant, it is just one dir and not a list. The only way
to override it (from looking at openpam_dynamic.c) seems to be an absolute
path:
[...]
/* Prepend the standard prefix if not an absolute pathname. */
if (path[0] != '/')
prefix = OPENPAM_MODULES_DIR;
else
prefix = "";
[...]
Sascha
Updated by tuxillo over 6 years ago
- Description updated (diff)
- Category set to Userland
- Status changed from New to Feedback
- Target version set to 3.9.x
Hi,
I might not be entirely but I think we needed dynamic binaries in /bin and /sbin for PAM to work correctly on DragonFly BSD.
It was recently done so I was wondering if one could have a working PAM setup in 3.8 RELEASE or latest master.
Can you please retry it?
Best regards,
Antonio Huete
Updated by srussell over 6 years ago
I'll have to install 3.8 before trying it. I'll get back with this in the next weeks. Thanks.
Updated by srussell over 6 years ago
I finally had time to upgrade my station to DF 3.8.2. PAM's behavior didn't change compared to DF 3.6.
PAM is working fine only when so modules installed or symlinked in /usr/lib/security, or referred from their complete path (ex: /usr/local/lib/pam_krb5.so). This is because the directory is hard linked in BSDs.
Regards,
SR
tuxillo wrote:
> Hi,
>
> I might not be entirely but I think we needed dynamic binaries in /bin and /sbin for PAM to work correctly on DragonFly BSD.
> It was recently done so I was wondering if one could have a working PAM setup in 3.8 RELEASE or latest master.
>
> Can you please retry it?
>
> Best regards,
> Antonio Huete
Updated by tuxillo about 6 years ago
- Target version changed from 3.9.x to 4.2.x
Hi,
Would it be possible that you tried it with latest release?
Cheers,
Antonio Huete