Subject: pkg/21413: PAM's pam_unix may be broken under Linux
To: None <gnats-bugs@gnats.netbsd.org>
From: None <reed@reedmedia.net>
List: netbsd-bugs
Date: 05/01/2003 08:36:46
>Number: 21413
>Category: pkg
>Synopsis: PAM's pam_unix may be broken under Linux
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu May 01 15:37:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:
>Release: NetBSD 1.6
>Organization:
http://bsd.reedmedia.net/
>Environment:
System: NetBSD rainier.reedmedia.net 1.6 NetBSD 1.6 (JCR-20020927) #3: Sat Sep 28 13:40:20 PDT 2002 reed@rainier.reedmedia.net:/usr/src/sys/arch/i386/compile/JCR-20020927 i386
Architecture: i386
Machine: i386
>Description:
I use pkgsrc/security/PAM under Linux.
I built and installed security/openssh linked to that PAM.
It couldn't authenticate using pam_unix, but PAM does work
since pam_permit.so, pam_rootok.so and others work fine.
I was using
  sshd auth required pam_unix.so debug audit nullok
Logging:
  May 1 08:28:58 k3 sshd(pam_unix)[23586]: check pass; user (reed) unknown
  May 1 08:28:58 k3 PAM-warn[23586]: function=[pam_sm_authenticate] service=[sshd] terminal=[NODEVssh] user=[reed] ruser=[<unknown>] rhost=[rainier]
I installed PAM from source (no pkgsrc patches nor pkgsrc build)
and then recreated my /usr/lib/libpam.so.0 link to new libpam
and restarted sshd and it worked fine.
I used gcc -E on patched (patch-ap) modules/pam_unix/pam_unix_acct.c
and saw it didn't have any of the getspnam code.
So HAVE_GETSPNAM was not defined.
This is because the source was including <security/_pam_aconf.h>
which had not been installed yet.
But that is not the only problem.
>How-To-Repeat:
>Fix:
First fix is to replace
all <security/_pam_aconf.h> with "../../_pam_aconf.h".
But that still didn't fix it for me.
But that is still needed.
>Release-Note:
>Audit-Trail:
>Unformatted:
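
The include rewrite from the Fix section, applied across a PAM source tree, as an added example that is not part of the original report or of pkgsrc (the report notes this change alone did not resolve the failure). The function names are hypothetical, and the layout is an assumption: module sources sit in <tree>/modules/<name>/ and _pam_aconf.h sits at the top of the tree, which is what "../../_pam_aconf.h" implies.

```shell
#!/bin/sh
# Added example. Assumed layout: <tree>/modules/<name>/*.[ch] and
# <tree>/_pam_aconf.h, so "../../_pam_aconf.h" resolves from a module directory.

# Matches '#include <security/_pam_aconf.h>' with optional spacing.
ACONF_RE='^[[:space:]]*#[[:space:]]*include[[:space:]]*<security/_pam_aconf\.h>'

# List module sources that still pull the header from the installed include
# path, i.e. builds that depend on a header that may not be installed yet.
list_installed_aconf_includes() {
    grep -lE "$ACONF_RE" "$1"/modules/*/*.[ch] 2>/dev/null
}

# Rewrite those includes to the in-tree header. Prints the number of files
# changed; returns 1 without touching anything if the in-tree header is absent.
fix_aconf_includes() {
    tree=$1
    changed=0
    if [ ! -f "$tree/_pam_aconf.h" ]; then
        echo "$tree/_pam_aconf.h not found; not rewriting includes" >&2
        return 1
    fi
    for f in "$tree"/modules/*/*.[ch]; do
        [ -f "$f" ] || continue
        grep -qE "$ACONF_RE" "$f" || continue
        sed 's|^\([[:space:]]*#[[:space:]]*include[[:space:]]*\)<security/_pam_aconf\.h>|\1"../../_pam_aconf.h"|' \
            "$f" > "$f.tmp" && mv "$f.tmp" "$f"
        changed=$((changed + 1))
    done
    echo "$changed"
}
```

After the rewrite, list_installed_aconf_includes should print nothing; running gcc -E on a module, as in the report, then shows whether the getspnam code is compiled in.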