pam failure with netatalk

[Louis Guillaume <louis%zabrico.com@localhost>]

Hi,

I've been using netatalk on NetBSD successfully for years now; using the 
GSSAPI authentication module. Today I tried authenticating using the 
dhx_pam user authentication module instead and it did not work. Here is 
the session transcript from /var/log/messages:

Dec  1 13:31:47 maat afpd[7266]: Registering CNID module [last]
Dec  1 13:31:47 maat afpd[7266]: Registering CNID module [cdb]
Dec  1 13:31:47 maat afpd[7266]: Registering CNID module [dbd]
Dec  1 13:31:47 maat afpd[7266]: ASIP started on 192.168.1.110:548(5) 
(2.0.4)
Dec  1 13:31:47 maat afpd[7266]: uam: uams_gss.so loaded
Dec  1 13:31:47 maat afpd[7266]: uam: uams_dhx.so loaded
Dec  1 13:31:47 maat afpd[7266]: uam: "DHCAST128" available
Dec  1 13:31:47 maat afpd[7266]: uam: "Client Krb v2" available
Dec  1 13:31:54 maat afpd[7591]: ASIP session:548(5) from 
192.168.1.214:50866(7)
Dec  1 13:31:54 maat afpd[7266]: server_child[1] 7516 exited 1
Dec  1 13:31:54 maat afpd[7266]: server_child[1] 7591 done
Dec  1 13:31:55 maat afpd[2280]: ASIP session:548(5) from 
192.168.1.214:50867(7)
Dec  1 13:31:55 maat afpd[2280]: dhx login: louis
Dec  1 13:31:55 maat afpd[2280]: in openpam_load_module(): no 
pam_unix.so found
Dec  1 13:31:55 maat afpd[2280]: uams_dhx_pam.c :PAM: PAM_Error: system 
error
Dec  1 13:31:55 maat afpd[7266]: server_child[1] 2280 killed by signal 11



... In /etc/pam.d/netatalk I have:

#%PAM-1.0
auth       required     pam_unix.so
account    required     pam_unix.so
session    required     pam_unix.so


... and the netatalk package was built with PKG_OPTIONS.netatalk = pam. 
Also, as is the default, uams_dhx.so is linked to uams_dhx_pam.so:

$ ls -l /usr/pkg/libexec/netatalk/uams/uams_dhx.so
lrwxr-xr-x  1 root  wheel  15 Nov 26 13:30 
/usr/pkg/libexec/netatalk/uams/uams_dhx.so -> uams_dhx_pam.so


... so I can log in via Kerberos, but not via dhx. Which is kind of a 
problem for me right now. Any idea what's going on? I have a feeling 
this is netbsd-pam-specific because I have not seen any such reports of 
this problem on the netatalk mailing lists nor in google searches.


On another note: I notice that netatalk-2.0.5 has recently been released 
with some new features, like Time Machine support. I wonder: are upgrade 
plans in the works?

I also noticed that DHX2 is not supported (or at least it is 
specifically taken out in pkgsrc "patch-aa"). Is there some reason why 
this is so? Perhaps it's an old problem with pkgsrc that may have gone 
away by now?

Please let me know if I can help with anything. Any help would be great. 
Thanks,

Louis