Subject: pkg/21413: PAM's pam_unix may be broken under Linux
To: None <gnats-bugs@gnats.netbsd.org>
From: None <reed@reedmedia.net>
List: netbsd-bugs
Date: 05/01/2003 08:36:46
>Number:         21413
>Category:       pkg
>Synopsis:       PAM's pam_unix may be broken under Linux
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu May 01 15:37:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     
>Release:        NetBSD 1.6
>Organization:
http://bsd.reedmedia.net/
>Environment:
	
	
System: NetBSD rainier.reedmedia.net 1.6 NetBSD 1.6 (JCR-20020927) #3: Sat Sep 28 13:40:20 PDT 2002 reed@rainier.reedmedia.net:/usr/src/sys/arch/i386/compile/JCR-20020927 i386
Architecture: i386
Machine: i386
>Description:
I use pkgsrc/security/PAM under Linux.
I built and installed security/openssh linked to that PAM.

It couldn't authenticate using pam_unix, but PAM does work
since pam_permit.so, pam_rootok.so and others work fine.

I was using
sshd    auth       required   pam_unix.so debug audit nullok

Logging:
May  1 08:28:58 k3 sshd(pam_unix)[23586]: check pass; user (reed) unknown
May  1 08:28:58 k3 PAM-warn[23586]: function=[pam_sm_authenticate]
service=[sshd] terminal=[NODEVssh] user=[reed] ruser=[<unknown>] rhost=[rainier]

I installed PAM from source (no pkgsrc patches nor pkgsrc build)
and then recreated my /usr/lib/libpam.so.0 link to new libpam
and restarted sshd and it worked fine.
I used gcc -E on patched (patch-ap) modules/pam_unix/pam_unix_acct.c
and saw it didn't have any of the getspnam code.
So HAVE_GETSPNAM was not defined.
This is because the source was including <security/_pam_aconf.h>
which had not been installed yet.
But that is not the only problem.
>How-To-Repeat:
	
>Fix:
The first fix is to replace
all <security/_pam_aconf.h> with "../../_pam_aconf.h".
But that still didn't fix it for me.
But that is still needed.
>Release-Note:
>Audit-Trail:
>Unformatted: