Date:      Mon, 27 Jun 2005 15:04:49 +0200
From:      Jeremie Le Hen <jeremie@le-hen.org>
To:        Dag-Erling Smørgrav <des@des.no>
Cc:        freebsd-current@FreeBSD.org, Jeremie Le Hen <jeremie@le-hen.org>, freebsd-ports@FreeBSD.org
Subject:   Re: OpenPAM Figwort broke PAM modules from ports
Message-ID:  <20050627130449.GQ1283@obiwan.tataz.chchile.org>
In-Reply-To: <86d5q8113a.fsf@xps.des.no>
References:  <20050626211011.GH1283@obiwan.tataz.chchile.org> <86d5q8113a.fsf@xps.des.no>

Hi Dag-Erling,

> > This prevents PAM modules installed in /usr/local/lib from being
> > dlopen(3)'d.  I'm not sure whether FreeBSD really wants this new
> > ``feature'' or not, but actually I think this needs a note in
> > src/UPDATING to be issued, explaining that PAM modules installed from
> > ports need to be specified with their full path now.
> 
> They always did.

With all respect I owe you, the last upgrade of my -CURRENT box
constrained me to use the following patch to make pam_alreadyloggedin.so
work again:
%%%
    --- login.old	Mon Jun 27 16:13:34 2005
    +++ login	Mon Jun 27 01:12:30 2005
    @@ -6,7 +6,7 @@
     
     # auth
     auth		required	pam_nologin.so		no_warn
    -auth		sufficient	pam_alreadyloggedin.so	no_root
    +auth		sufficient	/usr/local/lib/pam_alreadyloggedin.so	no_root
     auth		sufficient	pam_self.so		no_warn
     auth		include		system
%%% 
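
Review bot: the added `auth sufficient /usr/local/lib/pam_alreadyloggedin.so no_root` line hard-codes the ports prefix into the login policy, so the rule now depends on where the port installed the module, and nothing in the file says why this one entry differs from its neighbours. I would add a comment above it stating that modules outside the base module directory must be named by full path, and, because the rule is `sufficient` in the auth stack, check that the module file and /usr/local/lib are writable by root only before referencing them here.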

It can be verified by hacking src/contrib/openpam/lib/openpam_dynamic.c
(this trivially reverts the diff I posted in my previous email):
%%%
    Index: openpam_dynamic.c
    ===================================================================
    RCS file: /nfs/donald/repo/FreeBSD/src/contrib/openpam/lib/openpam_dynamic.c,v
    retrieving revision 1.1.1.8
    diff -u -r1.1.1.8 openpam_dynamic.c
    --- openpam_dynamic.c	17 Jun 2005 08:11:42 -0000	1.1.1.8
    +++ openpam_dynamic.c	27 Jun 2005 14:16:45 -0000
    @@ -71,6 +71,7 @@
     		prefix = OPENPAM_MODULES_DIR;
     	else
     		prefix = "";
    +	prefix = "";
     
     	/* try versioned module first, then unversioned module */
     	if (asprintf(&vpath, "%s%s.%d", prefix, path, LIB_MAJ) < 0)
%%%
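
Review bot: the added `prefix = "";` directly after the if/else unconditionally overwrites whatever the branch above just chose, so the `prefix = OPENPAM_MODULES_DIR;` assignment becomes dead code and every module name reaches the asprintf() calls unprefixed. That is acceptable as a local experiment to confirm the cause, but it should not go in as written: if the old lookup is wanted, change or remove the condition itself, and document that bare module names are then resolved by the runtime linker's search path again rather than from one fixed directory.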

Compiling libpam with this patch allows me to use pam_alreadyloggedin.so
without specifying its full path, like it was before the upgrade to
OpenPAM Figwort.  I think this is due to rc.d/ldconfig default settings
which add the content of /usr/local/lib into rtld(1) standard hints file.
Now that the path is fully specified in libpam, this doesn't work any
longer.  It would be nice to have a note in src/UPDATING about this.

Best regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
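
The lookup described in this message can be checked against a pam.d file before upgrading. The following is an added example, not part of the original e-mail or of OpenPAM: it flags rules whose relative module name is absent from the base module directory and reports the full path to use instead. The directories, the `LIB_MAJ` value, the treatment of absolute paths and the file listing are assumptions made for the illustration.

```python
import os

# Assumed layout (not stated as such in the message): base-system modules
# in /usr/lib, ports modules in /usr/local/lib. LIB_MAJ is a placeholder.
BASE_DIR, PORTS_DIR, LIB_MAJ = "/usr/lib", "/usr/local/lib", 0

def module_of(line):
    """Return the module field of a pam.d rule, or None if the line has none."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 3 or fields[1] == "include":
        return None          # blank line, comment, or "include" directive
    return fields[2]         # facility, control flag, module, options...

def candidates(directory, module, lib_maj=LIB_MAJ):
    """Versioned name first, then unversioned, as in the hunk's asprintf() order."""
    path = os.path.join(directory, module)
    return [f"{path}.{lib_maj}", path]

def audit(lines, exists=os.path.exists, base=BASE_DIR, ports=PORTS_DIR):
    """List (line number, module, suggested full path or None) for rules
    whose relative module name is not found in the base module directory."""
    findings = []
    for number, line in enumerate(lines, 1):
        module = module_of(line)
        if module is None or os.path.isabs(module):
            continue         # assumption: absolute paths are used as written
        if any(exists(p) for p in candidates(base, module)):
            continue
        hit = next((p for p in candidates(ports, module) if exists(p)), None)
        findings.append((number, module, hit))
    return findings

# Constructed sample: the auth rules quoted in the message, before the fix.
SAMPLE = """\
# auth
auth		required	pam_nologin.so		no_warn
auth		sufficient	pam_alreadyloggedin.so	no_root
auth		sufficient	pam_self.so		no_warn
auth		include		system
""".splitlines()

# Constructed file listing standing in for the real filesystem.
PRESENT = {"/usr/lib/pam_nologin.so", "/usr/lib/pam_self.so.0",
           "/usr/local/lib/pam_alreadyloggedin.so"}

if __name__ == "__main__":
    for number, module, hit in audit(SAMPLE, exists=PRESENT.__contains__):
        print(f"line {number}: {module} -> {hit or 'not found'}")
```

On a real system, call `audit(open("/etc/pam.d/login"))` with the default `exists` so the check runs against the actual module directories.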


