From nobody Mon Aug 7 20:43:22 2023 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RKSw04g8Sz4mJcR for ; Mon, 7 Aug 2023 20:43:44 +0000 (UTC) (envelope-from trashcan@ellael.org) Received: from mx1.enfer-du-nord.net (mx1.enfer-du-nord.net [91.121.41.56]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4RKSvy71Vdz3c69 for ; Mon, 7 Aug 2023 20:43:42 +0000 (UTC) (envelope-from trashcan@ellael.org) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=ellael.org header.s=dkim header.b="a3Zfg/SR"; spf=pass (mx1.freebsd.org: domain of trashcan@ellael.org designates 91.121.41.56 as permitted sender) smtp.mailfrom=trashcan@ellael.org; dmarc=pass (policy=quarantine) header.from=ellael.org Received: from smtpclient.apple (p5b2e5668.dip0.t-ipconnect.de [91.46.86.104]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.enfer-du-nord.net (Postfix) with ESMTPSA id 4RKSvm60VkzFd1 for ; Mon, 7 Aug 2023 22:43:32 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ellael.org; s=dkim; t=1691441012; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=XKt7Leb1U+JTRAM6Jl7Vo2LURJsVPWMNkai9BGt+1ME=; b=a3Zfg/SRjXwvbR/mSM3s8amYFPQRFMxS5ICZrdfjG1ZUAlFO2j9gCXJwqDywaaa0W4JCs9 tT+7rVgn+tyQsD/8DqozgUgdfoxtAM33Z3zNYKEC5y6UKzw94cr16CXtxsk4hmznCsqEP9 pRETlDk6iMdKxA/TKn4G4RQ/KHufLokX0uH7e9x5bGQjlv1x4h7N81f7gvnq+dQ9GZanGC bg9FHgF48eKnKgaRHdbH19QMk/vgnrvam2f9qxcY1wub53sCLBwAYdw2uQNyqVhBk/L8vU uhJ55kmAj7OL7mtEZ0YHzsYnSmc6b5dMp8f41JI0RV23woe4sc6EhI95fbwWqA== From: Michael Grimm Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\)) Subject: 14-CURRENT | alternatives for defunct /usr/lib/pam_opie.so? Message-Id: <613E7476-6553-4A74-BF33-EF95D95F25A9@ellael.org> Date: Mon, 7 Aug 2023 22:43:22 +0200 To: freebsd-current@freebsd.org X-Mailer: Apple Mail (2.3731.700.6) X-Spamd-Result: default: False [-2.40 / 15.00]; SUBJECT_ENDS_QUESTION(1.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; MV_CASE(0.50)[]; DMARC_POLICY_ALLOW(-0.50)[ellael.org,quarantine]; R_DKIM_ALLOW(-0.20)[ellael.org:s=dkim]; R_SPF_ALLOW(-0.20)[+ip4:91.121.41.56]; ONCE_RECEIVED(0.10)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; ARC_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:16276, ipnet:91.121.0.0/16, country:FR]; RCVD_TLS_ALL(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MLMMJ_DEST(0.00)[freebsd-current@freebsd.org]; RCVD_COUNT_ONE(0.00)[1]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; PREVIOUSLY_DELIVERED(0.00)[freebsd-current@freebsd.org]; MID_RHS_MATCH_FROM(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DKIM_TRACE(0.00)[ellael.org:+]; RCVD_VIA_SMTP_AUTH(0.00)[] X-Spamd-Bar: -- X-Rspamd-Queue-Id: 4RKSvy71Vdz3c69 Hi, I'm currently in the process to prepare for upcoming 14-STABLE. Thus, I = upgraded one of my sytems from 13-STABLE to 14-CURRENT. Everything went fine, except for programs that need /usr/lib/pam_opie.so = which are: 1) jexec /usr/bin/login -u 2) redis-server 3) mariadb1011-server Error messages: su[6371]: in openpam_load_module(): no pam_opie.so found su[6371]: pam_start: System error Well, although it has been reported some time ago that pam_opie and = pam_opieaccess.so will become removed in Freebsd 14, there is a port = security/opie providing both libraries. Quick workaround. But I want to understand why the above mentioned programs do fail = although not dynamically linked against /usr/lib/pam_opie.so MWN> ldd /usr/bin/login /usr/bin/login: libutil.so.9 =3D> /lib/libutil.so.9 (0xd408ecf7000) libpam.so.6 =3D> /usr/lib/libpam.so.6 (0xd408f6f2000) libbsm.so.3 =3D> /usr/lib/libbsm.so.3 (0xd4090dab000) libc.so.7 =3D> /lib/libc.so.7 (0xd408f99d000) [vdso] (0xd408e18f630) MWN> ldd /usr/local/bin/redis-server /usr/local/bin/redis-server: libthr.so.3 =3D> /lib/libthr.so.3 (0x89a8847f000) libm.so.5 =3D> /lib/libm.so.5 (0x89a87beb000) libexecinfo.so.1 =3D> /usr/lib/libexecinfo.so.1 (0x89a891c7000) libssl.so.30 =3D> /usr/lib/libssl.so.30 (0x89a8a271000) libcrypto.so.30 =3D> /lib/libcrypto.so.30 (0x89a8b02b000) libc.so.7 =3D> /lib/libc.so.7 (0x89a8c7fe000) libelf.so.2 =3D> /lib/libelf.so.2 (0x89a8949b000) libgcc_s.so.1 =3D> /lib/libgcc_s.so.1 (0x89a8bb85000) [vdso] (0x89a87323630) MWN> ldd /usr/local/libexec/mariadbd /usr/local/libexec/mariadbd: libpcre2-8.so.0 =3D> /usr/local/lib/libpcre2-8.so.0 = (0x145ae576f000) libwrap.so.6 =3D> /usr/lib/libwrap.so.6 (0x145ae64a5000) libcrypt.so.5 =3D> /lib/libcrypt.so.5 (0x145ae74be000) libz.so.6 =3D> /lib/libz.so.6 (0x145ae7d0b000) libm.so.5 =3D> /lib/libm.so.5 (0x145ae8b3e000) libexecinfo.so.1 =3D> /usr/lib/libexecinfo.so.1 (0x145ae6e03000) libssl.so.30 =3D> /usr/lib/libssl.so.30 (0x145ae9575000) libcrypto.so.30 =3D> /lib/libcrypto.so.30 (0x145aeafff000) libc++.so.1 =3D> /lib/libc++.so.1 (0x145ae9e3b000) libcxxrt.so.1 =3D> /lib/libcxxrt.so.1 (0x145aeaa85000) libgcc_s.so.1 =3D> /lib/libgcc_s.so.1 (0x145aec745000) libthr.so.3 =3D> /lib/libthr.so.3 (0x145aebf10000) libc.so.7 =3D> /lib/libc.so.7 (0x145aec7fa000) libelf.so.2 =3D> /lib/libelf.so.2 (0x145aee867000) [vdso] (0x145ae5010630) Which alternatives to pam_opie should I investigate? Reason: I want to get rid of security/opie Thanks and regards, Michael