Bug #2407
closedopenpam won't look for pkgsrc pam module path
0%
Description
When I try to load pam modules that where installed from pkgsrc, they're installed in /usr/pkg/lib/security, which is not included in the openpam's search paths defined at compile time. I'm getting this error:
Aug 18 12:45:38 yyy login: in openpam_dynamic(): No such file or directory
Aug 18 12:45:38 yyy login: in openpam_load_module(): no pam_xxx.so found
Aug 18 12:45:38 yyy login: pam_start(): system error
The complete path is not specified in the default pam.d service files that comes with DragonFly.
Updated by swildner over 12 years ago
- Priority changed from Low to Normal
Can you describe a bit what you are doing?
How are you loading them? Does it work if you pass an absolute path to openpam_load_module()?
Which are the pkgsrc packages that have the modules?
Regards,
Sascha
Updated by swildner over 12 years ago
After re-reading your report, I assume you are passing the module name somewhere in /etc/pam.d.
Does it work if you specify an absolute path to the module(s) in pkgsrc there?
Updated by srussell over 12 years ago
I'm not sure about your last question. I'm adding the pam-krb5 package alone, to use with login, xdm and the like. So the problem is not with any specific package. Theses clients are not aware of the existence of pam-krb5 itself. For what I understand, all path specifications can only be done in /etc/pam.d.
The default pam configuration files in DragonFly and pkgsrc are specifying pam_krb5.so without the path. pkgsrc seems to take for granted that /usr/pkg/lib/security is in the libpam search path. To fix this, I added the complete path with all pam_krb5.so modules with success.
I noticed that the build of libpam is made with this flag: -DOPENPAM_MODULES_DIR='"/usr/lib/security/"'
This flag is defined here:
lib/libpam/Makefile:MODULE_DIR= ${LIBDIR}/security
lib/libpam/Makefile:CFLAGS+= -DOPENPAM_MODULES_DIR='"${MODULE_DIR}/"'
This parameter is hardcoded and for what I see, there is no way to add dynamically other search paths.
Updated by swildner over 12 years ago
On Sun, 02 Sep 2012 15:30:27 +0200, Stephane Russell via Redmine
<bugtracker-admin@leaf.dragonflybsd.org> wrote:
The default pam configuration files in DragonFly and pkgsrc are
specifying pam_krb5.so without the path. pkgsrc seems to take for
granted that /usr/pkg/lib/security is in the libpam search path. To fix
this, I added the complete path with all pam_krb5.so modules with
success.I noticed that the build of libpam is made with this flag:
-DOPENPAM_MODULES_DIR='"/usr/lib/security/"'This flag is defined here:
lib/libpam/Makefile:MODULE_DIR= ${LIBDIR}/security
lib/libpam/Makefile:CFLAGS+= -DOPENPAM_MODULES_DIR='"${MODULE_DIR}/"'This parameter is hardcoded and for what I see, there is no way to add
dynamically other search paths.
Yeah this is what I meant, it is just one dir and not a list. The only way
to override it (from looking at openpam_dynamic.c) seems to be an absolute
path:
[...]
/* Prepend the standard prefix if not an absolute pathname. */
if (path0 != '/')
prefix = OPENPAM_MODULES_DIR;
else
prefix = "";
[...]
Sascha
Updated by tuxillo over 10 years ago
- Description updated (diff)
- Category set to Userland
- Status changed from New to Feedback
- Target version set to 3.9.x
Hi,
I might not be entirely but I think we needed dynamic binaries in /bin and /sbin for PAM to work correctly on DragonFly BSD.
It was recently done so I was wondering if one could have a working PAM setup in 3.8 RELEASE or latest master.
Can you please retry it?
Best regards,
Antonio Huete
Updated by srussell over 10 years ago
I'll have to install 3.8 before trying it. I'll get back with this in the next weeks. Thanks.
Updated by srussell about 10 years ago
I finally had time to upgrade my station to DF 3.8.2. PAM's behavior didn't change compared to DF 3.6.
PAM is working fine only when so modules installed or symlinked in /usr/lib/security, or referred from their complete path (ex: /usr/local/lib/pam_krb5.so). This is because the directory is hard linked in BSDs.
Regards,
SR
tuxillo wrote:
Hi,
I might not be entirely but I think we needed dynamic binaries in /bin and /sbin for PAM to work correctly on DragonFly BSD.
It was recently done so I was wondering if one could have a working PAM setup in 3.8 RELEASE or latest master.Can you please retry it?
Best regards,
Antonio Huete
Updated by tuxillo almost 10 years ago
- Target version changed from 3.9.x to 4.2
Hi,
Would it be possible that you tried it with latest release?
Cheers,
Antonio Huete
Updated by tuxillo about 3 years ago
- Status changed from Feedback to Closed
We no longer use pkgsrc.