Date: Thu, 22 Dec 2011 19:59:13 +0400
From: Gleb Smirnoff
To: "Hartmann, O."
Cc: freebsd-current@FreeBSD.org
Subject: Re: xdm/login: in openpam_check_path_owner_perms(): /usr/local/lib/pam_ldap.so.5 not found
Message-ID: <20111222155913.GR80057@FreeBSD.org>
In-Reply-To: <4EF25913.50107@zedat.fu-berlin.de>
List-Id: Discussions about the use of FreeBSD-current

On Wed, Dec 21, 2011 at 11:09:23PM +0100, Hartmann, O. wrote:
H> OS: FreeBSD 10.0-CURRENT/amd64 r228787
H>
H> Since the last update of world yesterday where I managed to compile the
H> OS WITH_LIBCPLUSPLUS=YES in /etc/src.conf,
H> only root is capable to login on the console.
H>
H> I use OpenLDAP 2.4 as the backend for usual users, having also an
H> "emergency" user installed in the local /etc/passwd just in case.
H>
H> The problem is, I can not login via xdm or console login anymore as any
H> usual user, even not as a user residing in the local passwd file.
H>
H> Trying to login as LDAP backed user, I get the error
H> SASL/DIGEST-MD5 authentication started
H> Login incorrect
H>
H> Inspecting /var/log/auth.log reveals for this incident
H>
H> login: in openpam_check_path_owner_perms():
H> /usr/local/lib/pam_ldap.so.5: No such file or directory
H>
H> Trying to login as a local (/etc/passwd backed) user gets
H> sometimes the same login issue, but sporadically I get a login but
H> landing in / instead of /home/user. /home is a ZFS volume.
H>
H> I reinstalled pam_ldap, nss_ldap, openldap-sasl-server/client many times
H> now since I suspected a fault in compilation (everything is compiled via
H> CLANG), but I have no success.
H>
H> /usr/local/lib/pam_ldap.so.5 does not exist, it is simply pam_ldap.so.
H>
H> It seems, that the OS can not find the homes on the ZFS volume. Doing a
H> su - USER works for all LDAP users but not the local users, I receive
H> the error su: no directory. This is very strange. While su - as root
H> does not work, login as such a failing user works, but as mentioned
H> without home.
H>
H> The last thing I did on that box is: I recompiled yesterday evening
H> world, switched the box off. When I switched the box on today, I ran
H> into this issue.
H>
H> I recompile the system without flag WITH_LIBCPLUSPLUS and see what is
H> happening. Do others also see this strange behaviour?

This is definitely due to libpam update. In my case, I also got messages:

openpam_check_path_owner_perms(): /usr/local/lib/pam_ldap.so.5: No such file or directory

But this doesn't prevent me from logging in.

The new PAM code first tries to dlopen() a library configured in
/etc/pam.d with ".5" appended to it, this is hardcoded.
If failed, it dlopens the exact name from configuration. So, the message
is harmless itself - the pam_ldap.so is opened successfully.

I suppose failure to login that you experience is related to another
fallout from the new PAM import.

--
Totus tuus, Glebius.
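
The lookup order described in the reply above, as an added C example that is not part of the original message and is not OpenPAM's code: it tries the configured module name with ".5" appended, then the exact name, and counts the misses that show up as log lines. The names resolve_module(), candidate_ok() and struct lookup are hypothetical, and stat() stands in for dlopen() as an assumption so the order can be checked without loading anything.

```c
/* Added illustration; resolve_module() and struct lookup are hypothetical names. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

#define VERSION_SUFFIX ".5" /* the hardcoded suffix named in the message */

struct lookup {
    char path[1024]; /* candidate that would be loaded, "" if none */
    int misses;      /* failed candidates, one log line each */
};

/* Assumption: stat() stands in for dlopen(), so only existence is tested. */
static int candidate_ok(const char *path)
{
    struct stat sb;
    if (stat(path, &sb) != 0)
        return -1; /* errno set by stat(), typically ENOENT */
    return S_ISREG(sb.st_mode) ? 0 : (errno = EINVAL, -1);
}

/* Try "<configured>.5" first, then the exact configured name. */
int resolve_module(const char *configured, struct lookup *r)
{
    static const char *const suffixes[] = { VERSION_SUFFIX, "" };
    r->misses = 0;
    for (size_t i = 0; i < 2; i++) {
        int n = snprintf(r->path, sizeof r->path, "%s%s", configured, suffixes[i]);
        if (n < 0 || (size_t)n >= sizeof r->path)
            break; /* name too long for the buffer */
        if (candidate_ok(r->path) == 0)
            return 0;
        /* This is the kind of line that ends up in auth.log. */
        fprintf(stderr, "%s: %s\n", r->path, strerror(errno));
        r->misses++;
    }
    r->path[0] = '\0';
    return -1;
}

int main(int argc, char **argv)
{
    struct lookup r;
    if (argc != 2 || resolve_module(argv[1], &r) != 0)
        return 1;
    printf("would load %s after %d miss(es)\n", r.path, r.misses);
    return 0;
}
```

One miss followed by success matches the situation in the reply: a logged "No such file or directory" for the ".5" name while the unversioned module still loads. Two misses mean the module is not found under either name.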