From owner-freebsd-questions@FreeBSD.ORG Sat Sep 1 12:56:46 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 281C716A418 for ; Sat, 1 Sep 2007 12:56:46 +0000 (UTC) (envelope-from listreader@lazlarlyricon.com) Received: from proxy3.bredband.net (proxy3.bredband.net [195.54.101.73]) by mx1.freebsd.org (Postfix) with ESMTP id DA9BA13C478 for ; Sat, 1 Sep 2007 12:56:45 +0000 (UTC) (envelope-from listreader@lazlarlyricon.com) Received: from trapper.homedns.org (213.114.40.243) by proxy3.bredband.net (7.3.127) id 46D6D3D3000A48DC; Sat, 1 Sep 2007 14:36:14 +0200 Received: from trapper.homedns.org (localhost [127.0.0.1]) by trapper.homedns.org (8.14.1/8.13.8) with ESMTP id l81CaD1k015975; Sat, 1 Sep 2007 14:36:13 +0200 (CEST) (envelope-from listreader@lazlarlyricon.com) Message-ID: <46D95CBD.7050403@lazlarlyricon.com> Date: Sat, 01 Sep 2007 14:36:13 +0200 From: Rolf G Nielsen User-Agent: Thunderbird 2.0.0.6 (X11/20070901) MIME-Version: 1.0 To: Mel References: <46D928E2.1050907@lazlarlyricon.com> <200709011320.58769.fbsd.questions@rachie.is-a-geek.net> In-Reply-To: <200709011320.58769.fbsd.questions@rachie.is-a-geek.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: PAM issues in -CURRENT (supplement) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 Sep 2007 12:56:46 -0000 Mel wrote: > On Saturday 01 September 2007 10:54:58 Rolf G Nielsen wrote: >> I just installed 7.0-CURRENT (after someone said on this list that it's >> very stable and there are very few bugs left). So far it seems to work >> fine, but there's one thing that bothers me. I repeatedly get the >> following messages in the console: >> >> in openpam_dispatch(): pam_nologin.so: no pam_sm_authenticate() >> in openpam_dispatch(): pam_nologin.so: no pam_sm_setcred() >> >> One of those, or sometimes both, appear every time someone logs in, and >> since I use fetchmail to get mail from several accounts and deliver them >> locally, and then a local POP3 server from which my mail clients gets >> the mail, the logins, and thus the warning/error messages, are quite >> frequent. >> >> Now for my actual questions: >> >> 1. How severe are those messages? Should I assume that there are >> security holes? > > Don't think so. I think you didn't recompile PAM-aware software (like > fetchmail and qpopper) so PAM warns you they didn't call the proper > functions. > >> 2. How do I get rid of the messages? No matter how severe they are, I do >> NOT want them filling up the console. So how could I correct the problem? > > Silence it by altering auth.notice to auth.none on the /dev/console line > in /etc/syslog.conf and then restart syslogd (/etc/rc.d/syslogd restart). > >> 2a. Why do those messages appear at all? Could I have done something >> wrong when building and installing world and/or kernel? > > I think it's mostly the port software. Sshd for instance shouldn't generate > this problem. > Here's exactly what I've done: 1. I downloaded the sources into a separate source tree (to keep the 6.2 sources if I wanted to roll back), /usr/src7. 2. I copied my kernel config file from /usr/src/sys/i386/conf to /usr/src7/sys/i386/conf. 3. I edited the kernel config file, comparing it to /usr/src7/sys/conf/NOTES and /usr/src7/sys/i386/conf/NOTES, to remove any deprecated options and possibly add new options I might be interested in 4. I edited config files, to temporarily disable autoload of nvidia driver, starting up xdm and some apps such as fetchmail and popd. 5. (leaving out obvious bits, such as mounting and cd'ing) a. make -DALWAYS_CHECK_MAKE buildworld b. make -DALWAYS_CHECK_MAKE KERNCONF=TRAPPER buildkernel c. make -DALWAYS_CHECK_MAKE KERNCONF=TRAPPER KODIR=/boot/testkernel installkernel d. nexkboot -k testkernel (to make sure new kernel would boot) e. reboot f. make -DALWAYS_CHECK_MAKE KERNCONF=TRAPPER installkernel g. reboot into single user h. mergemaster -p i. make -DALWAYS_CHECK_MAKE installworld j. make delete-old k. mergemaster l. reboot 6. Here's when I first noticed those warnings 7. a. portupgrade -fax nvidia-driver b. portupgrade -f nvidia-driver 8. I edited the config files to re-enable what I disabled in 4. 9. reboot. I'd be happy to send anyone my kernel config file, if you think that might be the cause. -- Sincerly, Rolf Nielsen