Subject: pkg/21413: PAM's pam_unix may be broken under Linux
To: None <email@example.com>
From: None <firstname.lastname@example.org>
Date: 05/01/2003 08:36:46
>Synopsis: PAM's pam_unix may be broken under Linux
>Arrival-Date: Thu May 01 15:37:00 UTC 2003
>Release: NetBSD 1.6
System: NetBSD rainier.reedmedia.net 1.6 NetBSD 1.6 (JCR-20020927) #3: Sat Sep 28 13:40:20 PDT 2002 email@example.com:/usr/src/sys/arch/i386/compile/JCR-20020927 i386
I use pkgsrc/security/PAM under Linux.
I built and installed security/openssh linked to that PAM.
It couldn't authenticate using pam_unix, but PAM does work
since pam_permit.so, pam_rootok.so and others works fine.
I was using
sshd auth required pam_unix.so debug audit nullok
May 1 08:28:58 k3 sshd(pam_unix): check pass; user (reed) unknown
May 1 08:28:58 k3 PAM-warn: function=[pam_sm_authenticate]
service=[sshd] terminal=[NODEVssh] user=[reed] ruser=[<unknown>] rhost=[rainier]
I installed PAM from source (no pkgsrc patches nor pkgsrc build)
and then recreated my /usr/lib/libpam.so.0 link to new libpam
and restarted sshd and it worked fine.
I used gcc -E on patched (patch-ap) modules/pam_unix/pam_unix_acct.c
and saw it didn't have any of the getspnam code.
So HAVE_GETSPNAM was not defined,
This is because the source was including <security/_pam_aconf.h>
which had not been installed yet.
But that is not the only problem.
First fix is to replace
all <security/_pam_aconf.h> with "../../_pam_aconf.h"
But that still didn't fix it for me.
But that is still needed.