Subject: Re: Defining MKKERBEROS=no breaks logins on current
To: Ralf Huvendiek <firstname.lastname@example.org>
From: Greg Troxel <email@example.com>
Date: 10/02/2005 17:39:41
Ralf Huvendiek <firstname.lastname@example.org> writes:
> I've set MKKERBEROS=no and MKKERBEROS5=no in my mk.conf. After an update
> I noticed that I was unable to login. The culprit is pam_afslog.so. It
> did not get installed, but it is required by some pam conf's.
> I had to delete this line in all of them:
> auth optional pam_afslog.so no_warn try_first_pass
> After this I was able to login again.
> On a side note: I noticed that pam relies on pam_krb5.so. Which is built
> and installed. pam_krb5.so requires libkrb5 which is built and
> installed, too.
> Are those MKKERBEROS settings still valid?
It seems correct to not build this pam module if MKKERBEROS*=no. So,
it seems that either the default pam configs should change in that
case, or more plausibly, pam should be taught to ignore missing/failed
shlibs unless they are marked required, or something like that.
Greg Troxel <email@example.com>