Ralf Huvendiek <netbsd@kaervek.net> writes:

> I've set MKKERBEROS=no and MKKERBEROS5=no in my mk.conf. After an update
> I noticed that I was unable to login. The culprit is pam_afslog.so. It
> did not get installed, but it is required by some pam conf's.
> I had to delete this line in all of them:
> auth           optional        pam_afslog.so   no_warn try_first_pass
> 
> After this I was able to login again.
> 
> On a side note: I noticed that pam relies on pam_krb5.so. Which is built
> and installed. pam_krb5.so requires libkrb5 which is built and
> installed, too.
> Are those MKKERBEROS settings still valid?

It seems correct to not build this pam module if MKKERBEROS*=no.  So,
it seems that either the default pam configs should change in that
case, or more plausibly, pam should be taught to ignore missing/failed
shlibs unless they are marked required, or something like that.

-- 
        Greg Troxel <gdt@ir.bbn.com>