From owner-freebsd-ports@FreeBSD.ORG  Fri Feb 19 09:05:29 2010
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 884A6106566B;
	Fri, 19 Feb 2010 09:05:29 +0000 (UTC) (envelope-from ml@netfence.it)
Received: from cp-out7.libero.it (cp-out7.libero.it [212.52.84.107])
	by mx1.freebsd.org (Postfix) with ESMTP id F402B8FC14;
	Fri, 19 Feb 2010 09:05:27 +0000 (UTC)
Received: from soth.ventu (151.51.40.83) by cp-out7.libero.it (8.5.107)
	id 4B7B127300287D79; Fri, 19 Feb 2010 10:05:26 +0100
Received: from alamar.ventu (alamar.ventu [10.1.2.18])
	by soth.ventu (8.14.4/8.14.3) with ESMTP id o1J95Lc6004962;
	Fri, 19 Feb 2010 10:05:22 +0100 (CET) (envelope-from ml@netfence.it)
Message-ID: <4B7E5451.2080908@netfence.it>
Date: Fri, 19 Feb 2010 10:05:21 +0100
From: Andrea Venturoli <ml@netfence.it>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; it-IT;
	rv:1.9.1.7) Gecko/20100214 Thunderbird/3.0.1
MIME-Version: 1.0
To: Joe Marcus Clarke <marcus@FreeBSD.org>
References: <4A6B38BE.2050405@netfence.it>
	<1248554065.44222.17.camel@shumai.marcuscom.com>
In-Reply-To: <1248554065.44222.17.camel@shumai.marcuscom.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-ports@FreeBSD.org
Subject: Re: netatalk 2.0.4 breaks PAM?
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Feb 2010 09:05:29 -0000

On 07/25/09 22:34, Joe Marcus Clarke wrote:
> On Sat, 2009-07-25 at 18:54 +0200, Andrea Venturoli wrote:
>> Hello.
>> I'm using afpd on a 6.3/i386 and I make it authenticate to pam_smb.
>> Everything was fine with 2.0.3.
>>
>> As soon as I upgraded to 2.0.4, I started getting:
>>
>> Jul 13 09:28:38 xxxxx afpd[89271]: dhx login: yyyyyyy
>> Jul 13 09:28:38 xxxxx afpd[89271]: in openpam_load_module(): no
>> /usr/local/lib/pam_smb_auth.so found
>> Jul 13 09:28:38 xxxxx afpd[89271]: uams_dhx_pam.c :PAM: PAM_Error:
>> system error
>> Jul 13 09:28:38 xxxxx afpd[89271]: 0.18KB read, 0.12KB written
>>
>> I swear /usr/local/lib/pam_smb_auth.so is there and working, since many
>> other packages are using it the same way.
>
> This error means there was a problem loading the module.  This most
> likely means a symbol could not be resolved.  If you rebuild OpenPAM
> with -DOPENPAM_DEBUG, you will get more diagnostics as to exactly why
> this is failing to load.  To do that, add -DOPENPAM_DEBUG to the CFLAGS
> in /usr/src/lib/libpam/libpam/Makefile.

Sorry for taking seven months...
After an upgrade to 7.2, yesterday I tried once again to upgrade 
netatalk from 2.0.3 to 2.0.5.
Once again, I had the issue above with PAM.
I recompiled libpam with OPENPAM_DEBUG and I got this in the logs:

afpd[57952]: DHX2 login: XXXXXXX
afpd[57952]: DHX2: logincont2 alive!
afpd[57952]: in openpam_dynamic(): /usr/local/lib/pam_smb_auth.so.4: 
Cannot open "/usr/local/lib/pam_smb_auth.so.4"
afpd[57952]: in openpam_dynamic(): /usr/local/lib/pam_smb_auth.so: 
/usr/local/lib/pam_smb_auth.so: Undefined symbol "pam_get_item"
afpd[57952]: in openpam_load_module(): no dynamic 
/usr/local/lib/pam_smb_auth.so
afpd[57952]: in openpam_load_module(): no /usr/local/lib/pam_smb_auth.so 
found
afpd[57952]: DHX2: PAM_Error: system error
afpd[57952]: 0.51KB read, 0.38KB written

Users cannot login.



I reverted to 2.0.3 and everything is fine once again.
Notice that I still get the following:

afpd[30819]: dhx login: XXXXXXX
afpd[30819]: in openpam_dynamic(): /usr/local/lib/pam_smb_auth.so.4: 
Cannot open "/usr/local/lib/pam_smb_auth.so.4"
afpd[30819]: in openpam_dynamic(): /usr/local/lib/pam_smb_auth.so: 
pam_sm_acct_mgmt(): Undefined symbol "pam_sm_acct_mgmt"
afpd[30819]: in openpam_dynamic(): /usr/local/lib/pam_smb_auth.so: 
pam_sm_open_session(): Undefined symbol "pam_sm_open_session"
afpd[30819]: in openpam_dynamic(): /usr/local/lib/pam_smb_auth.so: 
pam_sm_close_session(): Undefined symbol "pam_sm_close_session"
afpd[30819]: in openpam_dynamic(): /usr/local/lib/pam_smb_auth.so: 
pam_sm_chauthtok(): Undefined symbol "pam_sm_chauthtok"
afpd[30819]: in openpam_load_module(): using dynamic 
/usr/local/lib/pam_smb_auth.so
afpd[30819]: in openpam_dynamic(): pam_login_access.so: 
pam_sm_authenticate(): Undefined symbol "pam_sm_authenticate"
afpd[30819]: in openpam_dynamic(): pam_login_access.so: 
pam_sm_setcred(): Undefined symbol "pam_sm_setcred"
afpd[30819]: in openpam_dynamic(): pam_login_access.so: 
pam_sm_open_session(): Undefined symbol "pam_sm_open_session"
afpd[30819]: in openpam_dynamic(): pam_login_access.so: 
pam_sm_close_session(): Undefined symbol "pam_sm_close_session"
afpd[30819]: in openpam_dynamic(): pam_login_access.so: 
pam_sm_chauthtok(): Undefined symbol "pam_sm_chauthtok"
afpd[30819]: in openpam_load_module(): using dynamic pam_login_access.so
afpd[30819]: in openpam_dynamic(): pam_unix.so: pam_sm_open_session(): 
Undefined symbol "pam_sm_open_session"
afpd[30819]: in openpam_dynamic(): pam_unix.so: pam_sm_close_session(): 
Undefined symbol "pam_sm_close_session"
afpd[30819]: in openpam_load_module(): using dynamic pam_unix.so
afpd[30819]: in openpam_load_module(): using dynamic pam_permit.so
afpd[30819]: in openpam_load_module(): using dynamic pam_permit.so
afpd[30819]: in pam_start(): pam_start("netatalk") succeeded
afpd[30819]: uams_dhx_pam.c :PAM: PAM Success
afpd[30819]: in pam_sm_acct_mgmt(): Got user: Xxxxxxx
afpd[30819]: in pam_sm_acct_mgmt(): Checking login.access for user 
Xxxxxxx from host xxxxxxxxxxxxxxxxxxxx
afpd[30819]: in pam_sm_acct_mgmt(): Got user: Xxxxxxx
afpd[30819]: in pam_sm_acct_mgmt(): Got login_cap
afpd[30819]: uams_dhx_pam.c :PAM: PAM Auth OK!
afpd[30819]: login xxxxxxx (uid 1040, gid 1000) AFP3.1


  bye & Thanks
	av.