pam_ssh_agent_auth: ENOENT

[Stefan Bethke]

Am 20.02.2013 um 16:34 schrieb Kimmo Paasiala <kpaas...@gmail.com>:

> On Wed, Feb 6, 2013 at 12:28 AM, Stefan Bethke <s...@lassitu.de> wrote:
>> 
>>> I can confirm that with the new port version on a two day old current, the 
>>> module doesn't work:
>>> $ uname -a
>>> FreeBSD freebsd-current.lassitu.de 10.0-CURRENT FreeBSD 10.0-CURRENT #0 
>>> r246283: Sun Feb  3 16:55:16 CET 2013     
>>> r...@freebsd-current.lassitu.de:/usr/obj/usr/src/sys/GENERIC  amd64
>>> $ pkg info|grep pam
>>> pam_ssh_agent_auth-0.9.4       PAM module which permits authentication via 
>>> ssh-agent
>>> $ sudo ls
>>> sudo: unable to initialize PAM: No error: 0
>>> 
>>> If I downgrade to the previous port version (and apply Kimmo's patch), it's 
>>> working properly.
>> 
>> 
>> Here's a slightly different error message on 9-stable:
>> $ uname -a
>> FreeBSD diesel.lassitu.de 9.1-STABLE FreeBSD 9.1-STABLE #7 r245996: Sun Jan 
>> 27 22:36:05 CET 2013     r...@diesel.lassitu.de:/usr/obj/usr/src/sys/DIESEL  
>> amd64
>> stb@diesel:~$ sudo ls
>> sudo: unable to initialize PAM: No such file or directory
> 
> Latest version pam_ssh_agent_auth-0.9.4_1 seems to finally work
> without any extra patches when built on a 9.1-RELEASE system.

Hhm, with a 9.1-stable from this morning, I'm still getting ENOENT.  Can you 
spot anything different in my setup?


My /usr/local/etc/pam.d/sudo looks like this:
#
# PAM configuration for the "sudo" service
#

# auth
auth            sufficient      /usr/local/lib/pam_ssh_agent_auth.so 
file=~/.ssh/authorized_keys
auth            include         system

# account
account         include         system

# session
# XXX: pam_lastlog (used in system) causes users to appear as though
# they are no longer logged in in system logs.
session         required        pam_permit.so

# password
password        include         system

/var/log/messages reports:
Feb 25 17:41:01 lokschuppen sudo: in openpam_load_module(): no 
/usr/local/lib/pam_ssh_agent_auth found
Feb 25 17:41:01 lokschuppen sudo:      stb : unable to initialize PAM : No such 
file or directory ; TTY=pts/0 ; PWD=/root/eisenboot ; USER=root ; 
COMMAND=/bin/ls
# ls -l /usr/local/lib/pam_ssh_agent_auth.so 
-rwxr-xr-x  1 root  wheel  100194 Feb 25 08:48 
/usr/local/lib/pam_ssh_agent_auth.so*
# pkg_info|grep pam_ssh
pam_ssh_agent_auth-0.9.4_1 PAM module which permits authentication via ssh-agent
# ldd /usr/local/lib/pam_ssh_agent_auth.so  
/usr/local/lib/pam_ssh_agent_auth.so:
        libcrypto.so.6 => /lib/libcrypto.so.6 (0x801214000)
        libutil.so.9 => /lib/libutil.so.9 (0x8015bc000)
        libpam.so.5 => /usr/lib/libpam.so.5 (0x8017cf000)
        libcrypt.so.5 => /lib/libcrypt.so.5 (0x8019d7000)
        libc.so.7 => /lib/libc.so.7 (0x80081b000)

What other reasons could PAM have to report ENOENT?

This is the same configuration that used to work with the earlier version.


Stefan

-- 
Stefan Bethke <s...@lassitu.de>   Fon +49 151 14070811



_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"