Subject: pkg/21413: PAM's pam_unix may be broken under Linux
To: None <>
From: None <>
List: netbsd-bugs
Date: 05/01/2003 08:36:46
>Number:         21413
>Category:       pkg
>Synopsis:       PAM's pam_unix may be broken under Linux
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu May 01 15:37:00 UTC 2003
>Release:        NetBSD 1.6
System: NetBSD 1.6 NetBSD 1.6 (JCR-20020927) #3: Sat Sep 28 13:40:20 PDT 2002 i386
Architecture: i386
Machine: i386
I use pkgsrc/security/PAM under Linux.
I built and installed security/openssh linked to that PAM.

It couldn't authenticate using pam_unix, but PAM does work
since, and others works fine.

I was using
sshd    auth       required debug audit nullok

May  1 08:28:58 k3 sshd(pam_unix)[23586]: check pass; user (reed) unknown
May  1 08:28:58 k3 PAM-warn[23586]: function=[pam_sm_authenticate]
service=[sshd] terminal=[NODEVssh] user=[reed] ruser=[<unknown>] rhost=[rainier]

I installed PAM from source (no pkgsrc patches nor pkgsrc build)
and then recreated my /usr/lib/ link to new libpam
and restarted sshd and it worked fine.
I used gcc -E on patched (patch-ap) modules/pam_unix/pam_unix_acct.c
and saw it didn't have any of the getspnam code.
So HAVE_GETSPNAM was not defined,
This is because the source was including <security/_pam_aconf.h>
which had not been installed yet.
But that is not the only problem.
First fix is to replace
all <security/_pam_aconf.h> with "../../_pam_aconf.h"
But that still didn't fix it for me.
But that is still needed.