From owner-freebsd-current  Fri Aug 17 13:10:13 2001
Delivered-To: freebsd-current@freebsd.org
Received: from tabby.kudra.com (gw.kudra.com [199.6.32.20])
	by hub.freebsd.org (Postfix) with ESMTP id BDB2137B40A
	for <freebsd-current@freebsd.org>; Fri, 17 Aug 2001 13:10:06 -0700 (PDT)
	(envelope-from robert@tabby.kudra.com)
Received: (from robert@localhost)
	by tabby.kudra.com (8.11.5/8.11.5) id f7HKA5t31130
	for freebsd-current@freebsd.org; Fri, 17 Aug 2001 16:10:05 -0400 (EDT)
	(envelope-from robert)
Date: Fri, 17 Aug 2001 16:10:05 -0400
From: Robert Sexton <robert@kudra.com>
To: freebsd-current@freebsd.org
Subject: help! su(1) is still broken
Message-ID: <20010817161005.B30700@kudra.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

I cvsupped earlier in the week (august 9th) for the first time in
about 3 weeks. The pam changes seem to have broken su on my machine.
I'm using the default pam.conf (via mergemaster), so I would assume
that it should work. I can't seem to tweak it into behaving.  I
searched the list, but moving libpam to /compat/lib didn't work
for me.  The best clue so far is the contents of my security log
(I turned on debugging).  pam_wheel seems to be working, but pam_unix
blows in completely:

Aug 16 12:06:07 su: pam_unix: pam_sm_authenticate: Options processed
Aug 16 12:06:07 su: pam_unix: pam_sm_authenticate: Got user: toor
Aug 16 12:06:07 su: pam_unix: pam_sm_authenticate: Doing real authentication
Aug 16 12:06:10 pam_unix: pam_sm_authenticate: Got password
Aug 16 12:06:10 su: pam_unix: pam_sm_authenticate: Encrypted passwords are: **NuIxEpaVQeE & *
Aug 16 12:06:10 su: pam_unix: pam_sm_authenticate: returning PAM_AUTH_ERR

I trimmed the lines a little.  The thing that makes no sense here is
that I'm using md5 passwords.  When I login as toor on the console,
pam_unix does the right thing.  So perhaps it some sort of bizarre
crypto problem.  I really don't know where to go next, or what to zap
and re-build, so any suggestions would be greatly appreciated.

-- 
Robert Sexton, robert@kudra.com
No one told me that it could not be done, and so I did it. - Jack Kloepfer

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message