From owner-freebsd-security@freebsd.org Thu Jul 9 18:05:29 2015 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 95967997C7D for ; Thu, 9 Jul 2015 18:05:29 +0000 (UTC) (envelope-from lev@FreeBSD.org) Received: from onlyone.friendlyhosting.spb.ru (onlyone.friendlyhosting.spb.ru [IPv6:2a01:4f8:131:60a2::2]) by mx1.freebsd.org (Postfix) with ESMTP id 6120C1E60 for ; Thu, 9 Jul 2015 18:05:29 +0000 (UTC) (envelope-from lev@FreeBSD.org) Received: from [127.0.0.1] (unknown [89.113.128.32]) (Authenticated sender: lev@serebryakov.spb.ru) by onlyone.friendlyhosting.spb.ru (Postfix) with ESMTPSA id 7BBF91302 for ; Thu, 9 Jul 2015 21:05:27 +0300 (MSK) Message-ID: <559EB7E6.6040805@FreeBSD.org> Date: Thu, 09 Jul 2015 21:05:26 +0300 From: Lev Serebryakov Reply-To: lev@FreeBSD.org Organization: FreeBSD User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Where 3rd-party PAM modules should be placed? Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jul 2015 18:05:29 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 `security/pam_ssh_agent_auth' installs PAM module (pam_ssh_agent_auth.so) into `${LOCALBASE}/lib', but `security/pam_yubico' and `security/oath-toolkit' install PAM modules into `${LOCALBASE}/lib/security'. And, by default on 10-STABLE, modules from `${LOCALBASE}/lib/security' can not be loaded by name (without full path) in PAM configuration file. Which place is correct? I like `${LOCALBASE}/lib/security', but using full pathnames looks ugly! - -- // Lev Serebryakov -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJVnrfmXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRGOTZEMUNBMEI1RjQzMThCNjc0QjMzMEFF QUIwM0M1OEJGREM0NzhGAAoJEOqwPFi/3EeP8cgQAI+5Bj9EteOICQKePSSQ3Ox4 vYMQuX8IRmZvDDjfVzeuu9ExzO0qSMQtbARRVbd54HchwzcSVI807zatzwavvoPS 9LcJZNSA2/k19H6bd8nROB9SDdZsQg/pDCRCm9ePInIBxp9fhLXABUV2TSM0ZZHV ed+BkbyAIA7pfpVOgMN6HVzQ5Snp/LtqWP7AAGlopOQ+jce52hABQ6pufeiucBjS kGsuJy4pVn8Uc2XHtx5i0m0+F/j4lZYgkNgJjHfZhuh2JkTsEd0rPFgpvteCS/++ /rrRyOwVFeW8BrllKI5bVvimVD+HTBNFbo4oQY2kLvJxamL1NFOksbmXQqWOCEE6 968hV2hetvkOkaCbZLlnMD3QKUyQhqJtjcKN/1HforDmOvFyjk7vknt9755gBlm1 w6lwPbJR45YNDKbDN/Y+5xL7KGHYmNZefgjLy2wyZhBcdz4I8xqsdxOHb5LAmXrQ oX+i6jg+gxZLcHOfeacezEOlN6ZeQw2ElHRxViEEabYX0NtabRXu7VjxME83Vjmq HtWCPV0PAglGrnYdlz72YreR0l5WxN4WjrkR2TOzoQeJ7aK1LUH3VbL+Dsb3BA2t Yd06cyA192s54VlJ2ntppzZ8EnOz+wYHpVRSL9nNZfQh2SCv8A/ic57aV9QoOYqy qjNhE9GTDAENP/XRvbzE =NI2q -----END PGP SIGNATURE-----