From owner-freebsd-security Wed Jan 17 20:13:40 2001 Delivered-To: freebsd-security@freebsd.org Received: from jenkins.web.us.uu.net (jenkins.web.us.uu.net [208.240.88.32]) by hub.freebsd.org (Postfix) with ESMTP id 4127B37B401; Wed, 17 Jan 2001 20:13:22 -0800 (PST) Received: from jenkins.web.us.uu.net (localhost.web.us.uu.net [127.0.0.1]) by jenkins.web.us.uu.net (Postfix) with ESMTP id 50EBE12685; Wed, 17 Jan 2001 23:13:21 -0500 (EST) To: Kris Kennaway Cc: "David J. MacKenzie" , freebsd-security@FreeBSD.ORG Subject: Re: full PAM support for login, rshd, and su In-Reply-To: Message from Kris Kennaway of "Wed, 17 Jan 2001 18:44:47 PST." <20010117184446.F69328@citusc17.usc.edu> Date: Wed, 17 Jan 2001 23:13:21 -0500 From: "David J. MacKenzie" Message-Id: <20010118041321.50EBE12685@jenkins.web.us.uu.net> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > PAM support has been merged into OpenSSH in -current and recently > (last week or so) merged into -stable. Excellent! You just made my day. I hadn't done a cvsup in a few weeks. /usr/src/crypto/openssh on -stable does have a few problems, though: 1. There's no Makefile hook for enabling PAM support like there is for SKEY, AFS, etc. 2. make errors out because of two mistyped man page directives. 3. If you do "make obj" before compiling it, it can't find -lssh. 4. It can't find crypt(). Here are patches to fix all of these problems: --- ./Makefile.inc 2001/01/18 03:15:08 1.1 +++ ./Makefile.inc 2001/01/18 03:40:53 @@ -4,10 +4,5 @@ .include -.if exists(${.CURDIR}/../lib/${__objdir}) -LDADD+= -L${.CURDIR}/../lib/${__objdir} -lssh -DPADD+= ${.CURDIR}/../lib/${__objdir}/libssh.a -.else -LDADD+= -L${.CURDIR}/../lib -lssh -DPADD+= ${.CURDIR}/../lib/libssh.a -.endif +LDADD+= -L../lib -lssh +DPADD+= ../lib/libssh.a --- ./sftp-server/Makefile 2001/01/18 03:43:08 1.1 +++ ./sftp-server/Makefile 2001/01/18 03:43:13 @@ -6,7 +6,7 @@ BINMODE?=555 BINDIR= /usr/libexec -MAN= sftp-server.8 +MAN8= sftp-server.8 SRCS= sftp-server.c log-server.c --- ./sshd/Makefile 2001/01/18 03:42:00 1.1 +++ ./sshd/Makefile 2001/01/18 03:55:59 @@ -4,7 +4,7 @@ BINOWN= root BINMODE=555 BINDIR= /usr/sbin -MAN= sshd.8 +MAN8= sshd.8 CFLAGS+=-DHAVE_LOGIN_CAP SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \ @@ -29,10 +29,15 @@ SRCS+= auth-skey.c auth2-skey.c .endif +.if (${PAM:L} == "yes") +CFLAGS+= -DUSE_PAM +SRCS+= auth-pam.c +.endif + .include -LDADD+= -lcrypto -lutil -lz -DPADD+= ${LIBCRYPTO} ${LIBUTIL} ${LIBZ} +LDADD+= -lcrypto -lutil -lz -lcrypt +DPADD+= ${LIBCRYPTO} ${LIBUTIL} ${LIBZ} ${LIBCRYPT} .if (${TCP_WRAPPERS:L} == "yes") CFLAGS+= -DLIBWRAP @@ -44,4 +49,9 @@ CFLAGS+= -DSKEY LDADD+= -lskey DPADD+= ${SKEY} +.endif + +.if (${PAM:L} == "yes") +LDADD+= ${MINUSLPAM} +DPADD+= ${LIBPAM} .endif To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message