From owner-freebsd-current  Tue May 14  3:40:32 2002
Delivered-To: freebsd-current@freebsd.org
Received: from prg.traveller.cz (prg.traveller.cz [193.85.2.77])
	by hub.freebsd.org (Postfix) with ESMTP id 29FA137B409
	for <current@freebsd.org>; Tue, 14 May 2002 03:40:17 -0700 (PDT)
Received: from prg.traveller.cz (localhost [127.0.0.1])
	by prg.traveller.cz (8.12.2[KQ/pukvis]/8.12.2-prg) with ESMTP id g4EAeFIO072282;
	Tue, 14 May 2002 12:40:15 +0200 (CEST)
Received: from localhost (mime@localhost)
	by prg.traveller.cz (8.12.2[KQ/pukvis]/8.12.2-prg/submit) with ESMTP id g4EAeF7p072278;
	Tue, 14 May 2002 12:40:15 +0200 (CEST)
Date: Tue, 14 May 2002 12:40:15 +0200 (CEST)
From: Michal Mertl <mime@traveller.cz>
To: current@freebsd.org, <kwiatek@NEVADA.TPI.PL>
Subject: Re: VLock and 5.0 DP1
In-Reply-To: <bulk.82937.20020513152541@hub.freebsd.org>
Message-ID: <Pine.BSF.4.41.0205140911480.38650-100000@prg.traveller.cz>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

> When i try to compile Vlock from ports, i get:
>
> cc -O -pipe   -DUSE_PAM -c vlock.c
> cc -O -pipe   -DUSE_PAM -c signals.c
> cc -O -pipe   -DUSE_PAM -c help.c
> cc -O -pipe   -DUSE_PAM -c terminal.c
> cc -O -pipe   -DUSE_PAM -c input.c
> input.c:64: security/pam_misc.h: No such file or directory
> input.c:67: `misc_conv' undeclared here (not in a function)
> input.c:67: initializer element is not constant
> input.c:67: (near initialization for `PAM_conversation.conv')

vlock's PAM handling is written for LinuxPAM. There's some icompatibility
issue with OpenPAM which I didn't look much into but it helps to remove
USE_PAM. You don't have to tell the vlock you're using shadow passwords
because FreeBSD's getpwent(3)  returns password to the program run by root
automatically. To run the program as root you must make sure it's owned by
root and has suid bit set (or always run it as root). This easily may be
security hole if there's bug in the program.

HTH

-- 
Michal Mertl
mime@traveller.cz




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message