pkgsrc-Users archive


Re: pam-af: sshd[]: fatal: PAM: initialisation failed



On Thu 30 Dec 2021 at 19:41:13 +0100, Rhialto wrote:
> I am puzzled.

Of course, a few minutes later I discovered console messages that
weren't copied to authlog:

Dec 30 19:35:29 murthe sshd: in openpam_check_path_owner_perms(): /usr/pkg/lib/: insecure ownership or permissions
Dec 30 19:35:29 murthe sshd: in try_module(): /usr/pkg/lib/security/pam_af.so: Operation not permitted
Dec 30 19:35:29 murthe sshd: in openpam_load_module(): no /usr/pkg/lib/security/pam_af.so found
Dec 30 19:35:29 murthe sshd[3176]: fatal: PAM: initialisation failed

which explains this particular error. Indeed /usr/lib/lib somehow had
gotten a wrong owner.

After fixing that, the original package changed its errors into the more
expected ones:

Dec 30 20:01:22 murthe sshd: in openpam_dispatch(): /usr/pkg/lib/security/pam_af.so: no pam_sm_setcred()
Dec 30 20:01:22 murthe sshd: in openpam_check_error_code(): pam_sm_setcred(): unexpected return value 2

So I went back to the altered package with MKPIE_SUPPORTED=NO, and it worked.

However, there is probably some more subtle way to prevent the wrappers
from adding -pie in that one ld command. It isn't even linking an
executable (but the command line comes from the package's Makefile).
For the actual executable it creates later (pam_af_tool), -pie is fine.

-Olaf.
-- 
___ "Buying carbon credits is a bit like a serial killer paying someone else to
\X/  have kids to make his activity cost neutral." -The BOFH    falu.nl@rhialto
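
An added example, not part of the original message and not OpenPAM's own code: a checker that walks a module path the way the openpam_check_path_owner_perms() message above suggests, but reports every failing component instead of stopping at the first. The rule it applies (owner must be root or the calling uid, no group or world write bit, module itself a regular file) is an assumption about the check; the function names and the sample table are hypothetical, and the sample is constructed to resemble the logged /usr/pkg/lib/ case.

```python
import os
import stat
import sys
from types import SimpleNamespace


def component_problem(st, trusted_uids):
    """Return a reason string if this stat result fails the check, else None."""
    if st.st_uid not in trusted_uids:
        return f"owned by uid {st.st_uid}"
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return f"group/world writable (mode {stat.S_IMODE(st.st_mode):04o})"
    return None


def audit_module_path(path, trusted_uids=(0,), stat_fn=os.stat):
    """Walk from the module file up to '/', returning [(component, reason)]."""
    findings = []
    current, tip = os.path.normpath(path), True
    while True:
        st = stat_fn(current)
        if tip and not stat.S_ISREG(st.st_mode):
            findings.append((current, "not a regular file"))
        reason = component_problem(st, trusted_uids)
        if reason:
            findings.append((current, reason))
        parent = os.path.dirname(current)
        if parent == current:          # reached the filesystem root
            return findings
        current, tip = parent, False


# Constructed sample: one directory in the chain has a non-root owner.
SAMPLE = {
    "/": (0, 0o040755), "/usr": (0, 0o040755), "/usr/pkg": (0, 0o040755),
    "/usr/pkg/lib": (1000, 0o040755),
    "/usr/pkg/lib/security": (0, 0o040755),
    "/usr/pkg/lib/security/pam_af.so": (0, 0o100444),
}


def sample_stat(p):
    uid, mode = SAMPLE[p]
    return SimpleNamespace(st_uid=uid, st_mode=mode)


if __name__ == "__main__":
    if len(sys.argv) > 1:              # audit a real module on this host
        hits = audit_module_path(os.path.realpath(sys.argv[1]), (0, os.geteuid()))
    else:                              # no argument: run the constructed sample
        hits = audit_module_path("/usr/pkg/lib/security/pam_af.so", stat_fn=sample_stat)
    for comp, why in hits:
        print(f"{comp}: {why}")
```

Run with the module path as the only argument to audit a live system; with no argument it prints the finding for the constructed sample.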



