Date: Wed, 17 Jan 2001 23:13:21 -0500 From: "David J. MacKenzie" <djm@web.us.uu.net> To: Kris Kennaway <kris@FreeBSD.ORG> Cc: "David J. MacKenzie" <djm@web.us.uu.net>, freebsd-security@FreeBSD.ORG Subject: Re: full PAM support for login, rshd, and su Message-ID: <20010118041321.50EBE12685@jenkins.web.us.uu.net> In-Reply-To: Message from Kris Kennaway <kris@FreeBSD.ORG> of "Wed, 17 Jan 2001 18:44:47 PST." <20010117184446.F69328@citusc17.usc.edu>
index | next in thread | previous in thread | raw e-mail
> PAM support has been merged into OpenSSH in -current and recently
> (last week or so) merged into -stable.
Excellent! You just made my day. I hadn't done a cvsup in a few weeks.
/usr/src/crypto/openssh on -stable does have a few problems, though:
1. There's no Makefile hook for enabling PAM support like there is for
SKEY, AFS, etc.
2. make errors out because of two mistyped man page directives.
3. If you do "make obj" before compiling it, it can't find -lssh.
4. It can't find crypt().
Here are patches to fix all of these problems:
--- ./Makefile.inc 2001/01/18 03:15:08 1.1
+++ ./Makefile.inc 2001/01/18 03:40:53
@@ -4,10 +4,5 @@
.include <bsd.obj.mk>
-.if exists(${.CURDIR}/../lib/${__objdir})
-LDADD+= -L${.CURDIR}/../lib/${__objdir} -lssh
-DPADD+= ${.CURDIR}/../lib/${__objdir}/libssh.a
-.else
-LDADD+= -L${.CURDIR}/../lib -lssh
-DPADD+= ${.CURDIR}/../lib/libssh.a
-.endif
+LDADD+= -L../lib -lssh
+DPADD+= ../lib/libssh.a
--- ./sftp-server/Makefile 2001/01/18 03:43:08 1.1
+++ ./sftp-server/Makefile 2001/01/18 03:43:13
@@ -6,7 +6,7 @@
BINMODE?=555
BINDIR= /usr/libexec
-MAN= sftp-server.8
+MAN8= sftp-server.8
SRCS= sftp-server.c log-server.c
--- ./sshd/Makefile 2001/01/18 03:42:00 1.1
+++ ./sshd/Makefile 2001/01/18 03:55:59
@@ -4,7 +4,7 @@
BINOWN= root
BINMODE=555
BINDIR= /usr/sbin
-MAN= sshd.8
+MAN8= sshd.8
CFLAGS+=-DHAVE_LOGIN_CAP
SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \
@@ -29,10 +29,15 @@
SRCS+= auth-skey.c auth2-skey.c
.endif
+.if (${PAM:L} == "yes")
+CFLAGS+= -DUSE_PAM
+SRCS+= auth-pam.c
+.endif
+
.include <bsd.prog.mk>
-LDADD+= -lcrypto -lutil -lz
-DPADD+= ${LIBCRYPTO} ${LIBUTIL} ${LIBZ}
+LDADD+= -lcrypto -lutil -lz -lcrypt
+DPADD+= ${LIBCRYPTO} ${LIBUTIL} ${LIBZ} ${LIBCRYPT}
.if (${TCP_WRAPPERS:L} == "yes")
CFLAGS+= -DLIBWRAP
@@ -44,4 +49,9 @@
CFLAGS+= -DSKEY
LDADD+= -lskey
DPADD+= ${SKEY}
+.endif
+
+.if (${PAM:L} == "yes")
+LDADD+= ${MINUSLPAM}
+DPADD+= ${LIBPAM}
.endif
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010118041321.50EBE12685>