kern/102390: [patch] kernel pppd don't using pam

Dmitry A Grigorovich odip at bionet.nsc.ru
Tue Aug 22 14:50:12 UTC 2006


>Number:         102390
>Category:       kern
>Synopsis:       [patch] kernel pppd don't using pam
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 22 14:50:10 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Dmitry A Grigorovich
>Release:        FreeBSD 5.5-RELEASE-p2 i386
>Organization:
ICiG SB RAS, Russia
>Environment:
System: FreeBSD ogre.bionet.nsc.ru 5.5-RELEASE-p2 FreeBSD 5.5-RELEASE-p2

>Description:

When I tried to use LDAP for pppd authentication, I found that
the kernel pppd in FreeBSD does not use PAM!

Scanning the sources of pppd confirms this conclusion.

>How-To-Repeat:

Install ldap server.
Configure your computer for ldap authentication -
use pam_ldap & nss_ldap & /etc/nsswitch.conf.
Create file /etc/pam.d/ppp

#### BOF /etc/pam.d/ppp ####

# auth
auth            required        pam_nologin.so          no_warn
auth            sufficient      /usr/local/lib/pam_ldap.so      no_warn try_first_pass
auth            required        pam_unix.so             no_warn try_first_pass

# account
account         required        pam_login_access.so
account         sufficient      /usr/local/lib/pam_ldap.so
account         required        pam_unix.so

# session
session         required        pam_permit.so

#### EOF ####

LDAP authentication works for sshd and ftpd,
but fails for pppd!

>Fix:

Patch and rebuild pppd:
cd /usr/src
patch </path/pppd-pam.patch
cd /usr/src/usr.sbin/pppd
make obj && make depend && make && make install
make clean

Restart pppd.
Now pppd works with PAM!!!

--- pppd-pam.patch begins here ---
--- usr.sbin/pppd/Makefile.orig	Mon Sep 19 23:11:54 2005
+++ usr.sbin/pppd/Makefile	Mon Sep 19 23:22:27 2005
@@ -11,10 +11,10 @@
 BINOWN=	root
 BINGRP=	dialer
 
-CFLAGS+= -DHAVE_PATHS_H
+CFLAGS+= -DHAVE_PATHS_H -DUSE_PAM
 
 DPADD=	${LIBCRYPT} ${LIBUTIL} ${LIBMD}
-LDADD=	-lcrypt -lutil -lmd
+LDADD=	-lcrypt -lutil -lmd -lpam
 
 # Support SPX/IPX - not quite ready
 #CFLAGS+= -DIPX_CHANGE
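
Review bot: LDADD gains -lpam but the DPADD line above it is left as ${LIBCRYPT} ${LIBUTIL} ${LIBMD}, so the binary will not be relinked when libpam changes; add ${LIBPAM} to DPADD to keep the two lists in step. The same hunk turns on -DUSE_PAM unconditionally in CFLAGS, which changes the authentication path for every build of pppd; consider putting both additions behind a build knob, or state in the PR that PAM is meant to become the only supported login check.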
--- usr.sbin/pppd/auth.c.orig	Sun Oct 26 12:01:06 2003
+++ usr.sbin/pppd/auth.c	Mon Sep 19 23:25:18 2005
@@ -771,11 +771,7 @@
 static char *PAM_username = "";
 static char *PAM_password = "";
 
-#ifdef PAM_ESTABLISH_CRED       /* new PAM defines :(^ */
 #define MY_PAM_STRERROR(err_code)  (char *) pam_strerror(pamh,err_code)
-#else
-#define MY_PAM_STRERROR(err_code)  (char *) pam_strerror(err_code)
-#endif
 
 static int pam_conv (int num_msg,
                      const struct pam_message **msg,
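
Review bot: The removal of the #ifdef PAM_ESTABLISH_CRED test around MY_PAM_STRERROR is not explained anywhere in the report, and it drops the one-argument pam_strerror(err_code) fallback for good. Please add a short comment, or a sentence in the description, saying why the PAM_ESTABLISH_CRED check does not select the right form on this system, so the next reader does not restore it. The surviving macro expands to pam_strerror(pamh,err_code), so it only compiles where a variable named pamh is in scope; that is worth confirming at each use site since none is visible in this hunk. The (char *) cast could also be dropped if the callers take a const char *.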
--- pppd-pam.patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

