Subject: lib/36069: racoon can't work with pam_group
To: None <lib-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <huangys@xynetsoft.com>
List: netbsd-bugs
Date: 03/24/2007 01:35:00
>Number: 36069
>Category: lib
>Synopsis: racoon can't work with pam_group
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: lib-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Mar 24 01:35:00 +0000 2007
>Originator: Huang Yushuo
>Release: NetBSD 3.1
>Organization:
LucidaTech
>Environment:
NetBSD huangys.xynetsoft.com 3.1 NetBSD 3.1 (ACY13) #15: Tue Mar 6 13:47:52 CST 2007 huangys@huangys.xynetsoft.com:/home/src/sys/arch/i386/compile/ACY13 i386
>Description:
1. If you insert pam_group.so in /etc/pam.d/racoon, you will get an error like this:
in openpam_dynamic(): /usr/lib/security/pam_group.so.0:
/usr/lib/security/pam_group.so.0:
Undefined PLT symbol "login_getpwclass" (symnum = 22)
2. When you use racoon to do the RASVPN, and you want only the
users in some group to be let in, you always get authentication failures.
>How-To-Repeat:
racoon.conf
----------------------
.
.
mode_cfg {
.
.
auth_source pam;
.
.
}
.
.
-------------------------
/etc/pam.d/racoon
-------------------------
.
.
auth required pam_group.so no_warn group=vpnras
.
.
-------------------------
>Fix:
Index: Makefile
===================================================================
RCS file: /cvsroot/src/usr.sbin/racoon/Makefile,v
retrieving revision 1.12
diff -r1.12 Makefile
43c43
< LDADD+= -lpam ${PAM_STATIC_LDADD}
---
> LDADD+= -lpam -lutil ${PAM_STATIC_LDADD}
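Review bot: On line 43, adding -lutil to racoon's LDADD fixes the unresolved symbol in the consumer rather than in the module that needs it. The error quoted in the description is raised while loading /usr/lib/security/pam_group.so.0, so any other program whose PAM stack lists pam_group.so could hit the same "login_getpwclass" failure. Consider linking pam_group itself against libutil, or at least add a comment on this line saying that -lutil is there for PAM modules loaded at run time, so that it is not later removed as an unused library.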
Index: isakmp_xauth.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c,v
retrieving revision 1.1.1.4.2.3
diff -r1.1.1.4.2.3 isakmp_xauth.c
644a645,651
>
> if ((error = pam_set_item(pam, PAM_RUSER, usr)) != 0) {
> plog(LLV_ERROR, LOCATION, NULL,
> "pam_set_item failed: %s\n",
> pam_strerror(pam, error));
> goto out;
> }
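Review bot: The new pam_set_item() call at 645-651 has no comment saying why PAM_RUSER is set, and it is set to the same usr value used for the login. A one-line comment naming pam_group as the reason would record the intent and make clear which name the group check is applied to. The test should also compare against PAM_SUCCESS instead of "!= 0", and it is worth confirming that the out label releases the PAM handle on this new error path.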