DragonFlyBSD

After re-reading your report, I assume you are passing the module name somewhere in /etc/pam.d.

Does it work if you specify an absolute path to the module(s) in pkgsrc there?

I'm not sure about your last question. I'm adding the pam-krb5 package alone, to use with login, xdm and the like. So the problem is not with any specific package. Theses clients are not aware of the existence of pam-krb5 itself. For what I understand, all path specifications can only be done in /etc/pam.d.

The default pam configuration files in DragonFly and pkgsrc are specifying pam_krb5.so without the path. pkgsrc seems to take for granted that /usr/pkg/lib/security is in the libpam search path. To fix this, I added the complete path with all pam_krb5.so modules with success.

I noticed that the build of libpam is made with this flag: -DOPENPAM_MODULES_DIR='"/usr/lib/security/"'

This flag is defined here:
lib/libpam/Makefile:MODULE_DIR= ${LIBDIR}/security
lib/libpam/Makefile:CFLAGS+= -DOPENPAM_MODULES_DIR='"${MODULE_DIR}/"'

This parameter is hardcoded and for what I see, there is no way to add dynamically other search paths.

On Sun, 02 Sep 2012 15:30:27 +0200, Stephane Russell via Redmine
<bugtracker-admin@leaf.dragonflybsd.org> wrote:

> The default pam configuration files in DragonFly and pkgsrc are
> specifying pam_krb5.so without the path. pkgsrc seems to take for
> granted that /usr/pkg/lib/security is in the libpam search path. To fix
> this, I added the complete path with all pam_krb5.so modules with
> success.
>
> I noticed that the build of libpam is made with this flag:
> -DOPENPAM_MODULES_DIR='"/usr/lib/security/"'
>
> This flag is defined here:
> lib/libpam/Makefile:MODULE_DIR= ${LIBDIR}/security
> lib/libpam/Makefile:CFLAGS+= -DOPENPAM_MODULES_DIR='"${MODULE_DIR}/"'
>
> This parameter is hardcoded and for what I see, there is no way to add
> dynamically other search paths.

Yeah this is what I meant, it is just one dir and not a list. The only way
to override it (from looking at openpam_dynamic.c) seems to be an absolute
path:

[...]
/* Prepend the standard prefix if not an absolute pathname. */
if (path[0] != '/')
prefix = OPENPAM_MODULES_DIR;
else
prefix = "";
[...]

Sascha

I'll have to install 3.8 before trying it. I'll get back with this in the next weeks. Thanks.

I finally had time to upgrade my station to DF 3.8.2. PAM's behavior didn't change compared to DF 3.6.

PAM is working fine only when so modules installed or symlinked in /usr/lib/security, or referred from their complete path (ex: /usr/local/lib/pam_krb5.so). This is because the directory is hard linked in BSDs.

Regards,

SR

tuxillo wrote:
> Hi,
>
> I might not be entirely but I think we needed dynamic binaries in /bin and /sbin for PAM to work correctly on DragonFly BSD.
> It was recently done so I was wondering if one could have a working PAM setup in 3.8 RELEASE or latest master.
>
> Can you please retry it?
>
> Best regards,
> Antonio Huete