pam-af: sshd[]: fatal: PAM: initialisation failed

To: pkgsrc-users%NetBSD.org@localhost
Subject: pam-af: sshd[]: fatal: PAM: initialisation failed
From: Rhialto <rhialto%falu.nl@localhost>
Date: Thu, 30 Dec 2021 19:41:13 +0100

Again I have trouble with security/pam-af.

/etc/pam.d/ssh contains

auth           requisite       /usr/pkg/lib/security/pam_af.so debug

sshd disconnects when trying to log in, and the only log entry I see is

Dec 30 17:59:12 murthe sshd[13304]: fatal: PAM: initialisation failed 

It seems the compiled shared object defines no symbols:

$ nm -D /usr/pkg/lib/security/pam_af.so
                 U __dbm_fetch13
                 U __dbm_firstkey13
                 U __dbm_nextkey13
                 U __dbm_store13
                 U __errno
                 U __stack_chk_fail
                 U __stack_chk_guard
                 U __time50
                 U __vfork14
0000000000202fb8 B _end
                 U _exit
                 U _openpam_log
                 U atoi
                 U dbm_close
                 U dbm_open
                 U err
                 U execle
                 U free
                 U freeaddrinfo
                 U gai_strerror
                 U getaddrinfo
                 U getnameinfo
                 U getuid
                 U malloc
                 U memcmp
                 U memcpy
                 U memmove
                 U pam_get_item
                 U pam_getenvlist
                 U realloc
                 U sleep
                 U snprintf
                 U sprintf
                 U strdup
                 U strerror
                 U strlen
                 U strncmp
                 U strtol
                 U waitpid

If I compare that with base system modules, those have the  pam_sm_*
symbols:

$ nm -D /usr/lib/security/pam_self.so.4 | grep pam_sm
00000000000006bc T pam_sm_authenticate
0000000000000772 T pam_sm_setcred

The pam_af.o file, which gets converted into the .so, does have the
important symbols defined:

.../pam-af/work.x86_64/pam_af-1.0.2$ nm pam_af.o | grep pam_sm
0000000000000285 t pam_sm_authenticate
000000000000008f t pam_sm_setcred

The make build output shows this command to create the .so file, which
causes a warning:

--- ./pam_af.o ---
cc -I./common/ -DPIC -O2 -Wall -Werror -Wno-format-y2k                   -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch      -Wshadow -Wchar-subscripts -Winline -Wnested-externs -fPIC -D_HAVE_PATHS_H_ -D_HAVE_ERR_H_ -D_HAVE_GETPROGNAME_ -D_USE_MODULE_ENTRY_ -D_HAVE_SALEN_ -c ./pam_af.c -o ./pam_af.o
--- ./pam_af.so ---
ld -s --shared -lpam -lcrypt ./pam_af.o ./subr.o -o ./pam_af.so
ld: warning: cannot find entry symbol _start; defaulting to 0000000000000ee0

.work.log adds -pie:

[*] ld -s --shared -lpam -lcrypt ./pam_af.o ./subr.o -o ./pam_af.so
<.> ld -s --shared -lpam -lcrypt ./pam_af.o ./subr.o -o ./pam_af.so -pie

If I manually use the [*] command, the resulting pam_af.so does have the
required symbols (although not the pam_sm_* ones, but the
_pam_{module,name} instead).

If I add "MKPIE_SUPPORTED=        NO" to the package Makefile, I also
get the .so file with the symbols.

However, when I install the resulting package, it still doesn't work.
Sshd still logs the same message:

Dec 30 19:35:29 murthe sshd[3176]: fatal: PAM: initialisation failed

I am puzzled.

-Olaf.
-- 
___ "Buying carbon credits is a bit like a serial killer paying someone else to
\X/  have kids to make his activity cost neutral." -The BOFH    falu.nl@rhialto

Attachment: signature.asc
Description: PGP signature

Follow-Ups:
- Re: pam-af: sshd[]: fatal: PAM: initialisation failed
  - From: Rhialto

Prev by Date: Re: Recent lang/python* and textproc/py-cElementTree failure
Next by Date: Re: Recent lang/python* and textproc/py-cElementTree failure
Previous by Thread: Recent lang/python* and textproc/py-cElementTree failure
Next by Thread: Re: pam-af: sshd[]: fatal: PAM: initialisation failed
Indexes:

Home | Main Index | Thread Index | Old Index