Project

General

Profile

Actions

Bug #2407

closed

openpam won't look for pkgsrc pam module path

Added by srussell over 9 years ago. Updated 4 days ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Userland
Target version:
Start date:
08/18/2012
Due date:
% Done:

0%

Estimated time:

Description

When I try to load pam modules that where installed from pkgsrc, they're installed in /usr/pkg/lib/security, which is not included in the openpam's search paths defined at compile time. I'm getting this error:

Aug 18 12:45:38 yyy login: in openpam_dynamic(): No such file or directory
Aug 18 12:45:38 yyy login: in openpam_load_module(): no pam_xxx.so found
Aug 18 12:45:38 yyy login: pam_start(): system error

The complete path is not specified in the default pam.d service files that comes with DragonFly.

Actions #1

Updated by swildner over 9 years ago

  • Priority changed from Low to Normal

Can you describe a bit what you are doing?

How are you loading them? Does it work if you pass an absolute path to openpam_load_module()?

Which are the pkgsrc packages that have the modules?

Regards,
Sascha

Actions #2

Updated by swildner over 9 years ago

After re-reading your report, I assume you are passing the module name somewhere in /etc/pam.d.

Does it work if you specify an absolute path to the module(s) in pkgsrc there?

Actions #3

Updated by srussell about 9 years ago

I'm not sure about your last question. I'm adding the pam-krb5 package alone, to use with login, xdm and the like. So the problem is not with any specific package. Theses clients are not aware of the existence of pam-krb5 itself. For what I understand, all path specifications can only be done in /etc/pam.d.

The default pam configuration files in DragonFly and pkgsrc are specifying pam_krb5.so without the path. pkgsrc seems to take for granted that /usr/pkg/lib/security is in the libpam search path. To fix this, I added the complete path with all pam_krb5.so modules with success.

I noticed that the build of libpam is made with this flag: -DOPENPAM_MODULES_DIR='"/usr/lib/security/"'

This flag is defined here:
lib/libpam/Makefile:MODULE_DIR= ${LIBDIR}/security
lib/libpam/Makefile:CFLAGS+= -DOPENPAM_MODULES_DIR='"${MODULE_DIR}/"'

This parameter is hardcoded and for what I see, there is no way to add dynamically other search paths.

Actions #4

Updated by swildner about 9 years ago

On Sun, 02 Sep 2012 15:30:27 +0200, Stephane Russell via Redmine
<> wrote:

The default pam configuration files in DragonFly and pkgsrc are
specifying pam_krb5.so without the path. pkgsrc seems to take for
granted that /usr/pkg/lib/security is in the libpam search path. To fix
this, I added the complete path with all pam_krb5.so modules with
success.

I noticed that the build of libpam is made with this flag:
-DOPENPAM_MODULES_DIR='"/usr/lib/security/"'

This flag is defined here:
lib/libpam/Makefile:MODULE_DIR= ${LIBDIR}/security
lib/libpam/Makefile:CFLAGS+= -DOPENPAM_MODULES_DIR='"${MODULE_DIR}/"'

This parameter is hardcoded and for what I see, there is no way to add
dynamically other search paths.

Yeah this is what I meant, it is just one dir and not a list. The only way
to override it (from looking at openpam_dynamic.c) seems to be an absolute
path:

[...]
/* Prepend the standard prefix if not an absolute pathname. */
if (path0 != '/')
prefix = OPENPAM_MODULES_DIR;
else
prefix = "";
[...]

Sascha

Actions #5

Updated by tuxillo over 7 years ago

  • Description updated (diff)
  • Category set to Userland
  • Status changed from New to Feedback
  • Target version set to 3.9.x

Hi,

I might not be entirely but I think we needed dynamic binaries in /bin and /sbin for PAM to work correctly on DragonFly BSD.
It was recently done so I was wondering if one could have a working PAM setup in 3.8 RELEASE or latest master.

Can you please retry it?

Best regards,
Antonio Huete

Actions #6

Updated by srussell over 7 years ago

I'll have to install 3.8 before trying it. I'll get back with this in the next weeks. Thanks.

Actions #7

Updated by srussell about 7 years ago

I finally had time to upgrade my station to DF 3.8.2. PAM's behavior didn't change compared to DF 3.6.

PAM is working fine only when so modules installed or symlinked in /usr/lib/security, or referred from their complete path (ex: /usr/local/lib/pam_krb5.so). This is because the directory is hard linked in BSDs.

Regards,

SR

tuxillo wrote:

Hi,

I might not be entirely but I think we needed dynamic binaries in /bin and /sbin for PAM to work correctly on DragonFly BSD.
It was recently done so I was wondering if one could have a working PAM setup in 3.8 RELEASE or latest master.

Can you please retry it?

Best regards,
Antonio Huete

Actions #8

Updated by tuxillo almost 7 years ago

  • Target version changed from 3.9.x to 4.2

Hi,

Would it be possible that you tried it with latest release?

Cheers,
Antonio Huete

Actions #9

Updated by tuxillo 7 months ago

  • Target version changed from 4.2 to 6.0
Actions #10

Updated by tuxillo 4 days ago

  • Status changed from Feedback to Closed

We no longer use pkgsrc.

Actions

Also available in: Atom PDF