From owner-freebsd-security  Wed Sep 26 15:14:41 2001
Delivered-To: freebsd-security@freebsd.org
Received: from titan.titan-project.org (titan.titan-project.org [64.81.251.146])
	by hub.freebsd.org (Postfix) with ESMTP id B740637B408
	for <freebsd-security@FreeBSD.ORG>; Wed, 26 Sep 2001 15:14:37 -0700 (PDT)
Received: from localhost (cshumway@localhost [127.0.0.1])
	by titan.titan-project.org (8.11.6/8.11.4) with ESMTP id f8QMEd512585;
	Wed, 26 Sep 2001 15:14:39 -0700 (PDT)
	(envelope-from cshumway@titan-project.org)
Date: Wed, 26 Sep 2001 15:14:39 -0700 (PDT)
From: Christopher Shumway <cshumway@titan-project.org>
To: Dave <mudman@R181172.resnet.ucsb.edu>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: pam sessions?? login modules??
In-Reply-To: <Pine.BSF.4.33.0109261502430.291-100000@R181172.resnet.ucsb.edu>
Message-ID: <20010926151323.M12463-100000@titan.titan-project.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, 26 Sep 2001, Dave wrote:

> Hi, I recently updated to 4.4 REL from (guess what) 4.3 REL =-)
> Anyway, making world, kernel, and all that pretty much went ok.  But, for
> some reason, I get some weird messages associated with logging in... is
> this a danger?
>
> [This is pretty much a local/console login, although I also get them when
> connecting remotely]
>
> FreeBSD/i386 (xyzhost.somewhere.com) (ttyv0)
> login: anyaccount
> Password:
> Last login: Wed Sep 26 14:53:38 on ttyv0
> Sep 26 14:55:39 xyzhost login: no modules loaded for `login' service
> Sep 26 14:55:39 xyzhost login: no modules loaded for `login' service
> Sep 26 14:55:39 xyzhost login: no modules loaded for `login' service
> Sep 26 14:55:39 xyzhost login: pam_open_session: Permission denied
> Sep 26 14:55:39 xyzhost login: pam_open_session: Permission denied
> Sep 26 14:55:39 xyzhost login: pam_open_session: Permission denied
> -----
>
> I once heard that pam sessions were somehow associated with ssh, but why
> do I get complaints about no modules being loaded for 'login' service?
> Should I have modules loaded?  If so, what am I loading here?? :)

Did you remember to run mergemaster(8) after your update to make sure the
files in /etc/ are up to date?  Specifically you need this in /etc/pam.conf:

login   auth    sufficient      pam_skey.so
login   auth    requisite       pam_cleartext_pass_ok.so
login   auth    required        pam_unix.so                     try_first_pass
login   account required        pam_unix.so
login   password required       pam_permit.so
login   session required        pam_permit.so


---
Christopher Shumway				cshumway@titan-project.org
						cshumway@freebsd.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message