From owner-freebsd-questions@FreeBSD.ORG Sat Sep 1 16:16:51 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D6AAA16A419 for ; Sat, 1 Sep 2007 16:16:51 +0000 (UTC) (envelope-from listreader@lazlarlyricon.com) Received: from proxy3.bredband.net (proxy3.bredband.net [195.54.101.73]) by mx1.freebsd.org (Postfix) with ESMTP id 9659A13C478 for ; Sat, 1 Sep 2007 16:16:51 +0000 (UTC) (envelope-from listreader@lazlarlyricon.com) Received: from trapper.homedns.org (213.114.40.243) by proxy3.bredband.net (7.3.127) id 46D6D3D3000B476A; Sat, 1 Sep 2007 15:53:56 +0200 Received: from trapper.homedns.org (localhost [127.0.0.1]) by trapper.homedns.org (8.14.1/8.13.8) with ESMTP id l81DrtZ0016171; Sat, 1 Sep 2007 15:53:55 +0200 (CEST) (envelope-from listreader@lazlarlyricon.com) Message-ID: <46D96EF3.4000003@lazlarlyricon.com> Date: Sat, 01 Sep 2007 15:53:55 +0200 From: Rolf G Nielsen User-Agent: Thunderbird 2.0.0.6 (X11/20070901) MIME-Version: 1.0 To: Mel References: <46D928E2.1050907@lazlarlyricon.com> <200709011320.58769.fbsd.questions@rachie.is-a-geek.net> <46D95CBD.7050403@lazlarlyricon.com> <200709011544.51498.fbsd.questions@rachie.is-a-geek.net> In-Reply-To: <200709011544.51498.fbsd.questions@rachie.is-a-geek.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: PAM issues in -CURRENT (supplement) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 Sep 2007 16:16:51 -0000 Mel wrote: > On Saturday 01 September 2007 14:36:13 Rolf G Nielsen wrote: >> Mel wrote: >>> On Saturday 01 September 2007 10:54:58 Rolf G Nielsen wrote: >>>> I just installed 7.0-CURRENT (after someone said on this list that it's >>>> very stable and there are very few bugs left). So far it seems to work >>>> fine, but there's one thing that bothers me. I repeatedly get the >>>> following messages in the console: >>>> >>>> in openpam_dispatch(): pam_nologin.so: no pam_sm_authenticate() >>>> in openpam_dispatch(): pam_nologin.so: no pam_sm_setcred() >>>> >>>> One of those, or sometimes both, appear every time someone logs in, and >>>> since I use fetchmail to get mail from several accounts and deliver them >>>> locally, and then a local POP3 server from which my mail clients gets >>>> the mail, the logins, and thus the warning/error messages, are quite >>>> frequent. >>>> >>>> Now for my actual questions: >>>> >>>> 1. How severe are those messages? Should I assume that there are >>>> security holes? >>> Don't think so. I think you didn't recompile PAM-aware software (like >>> fetchmail and qpopper) so PAM warns you they didn't call the proper >>> functions. >>> >>>> 2. How do I get rid of the messages? No matter how severe they are, I do >>>> NOT want them filling up the console. So how could I correct the >>>> problem? >>> Silence it by altering auth.notice to auth.none on the /dev/console line >>> in /etc/syslog.conf and then restart syslogd (/etc/rc.d/syslogd restart). >>> >>>> 2a. Why do those messages appear at all? Could I have done something >>>> wrong when building and installing world and/or kernel? >>> I think it's mostly the port software. Sshd for instance shouldn't >>> generate this problem. >> Here's exactly what I've done: >> >> 1. I downloaded the sources into a separate source tree (to keep the 6.2 >> sources if I wanted to roll back), /usr/src7. > > Aha! [1] > > >> k. mergemaster > > [1] Are you sure temproot was made using /usr/src7 and not /usr/src? > > I'm pretty sure this is the culprit. The only thing different that I did, was > using a cross-partition install (so that machine can boot -stable > and -current) and the major diff with that is, that you get a virgin /etc/. > > Another minor diff is that you're recommended to recompile after booting > into -current, however, I still have the auth log from the first boot and did > not find any messages similar to yours, which I should have if it's a problem > in -current. > > If you suspect the mergemaster problem: > mv /usr/src /usr/src6 > ln -s /usr/src7 /usr/src > mergemaster > Thanks for the tip. I'll give it a go. -- Sincerly, Rolf Nielsen