RE: 14-CURRENT | alternatives for defunct /usr/lib/pam_opie.so?
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 08 Aug 2023 06:38:30 UTC
Michael Grimm <trashcan_at_ellael.org> wrote on Date: Mon, 07 Aug 2023 20:43:22 UTC : > I'm currently in the process to prepare for upcoming 14-STABLE. Thus, I upgraded one of my sytems from 13-STABLE to 14-CURRENT. > > Everything went fine, except for programs that need /usr/lib/pam_opie.so which are: > > 1) jexec <jailname> /usr/bin/login -u <user> > 2) redis-server > 3) mariadb1011-server > > Error messages: > > su[6371]: in openpam_load_module(): no pam_opie.so found > su[6371]: pam_start: System error > > Well, although it has been reported some time ago that pam_opie and pam_opieaccess.so will become removed in Freebsd 14, there is a port security/opie providing both libraries. Quick workaround. > > But I want to understand why the above mentioned programs do fail although not dynamically linked against /usr/lib/pam_opie.so openpam_load_module leads to dlopen use to open pam_opie.so instead of it being prebound : # grep -r openpam_load_module /usr/main-src/ | more /usr/main-src/contrib/openpam/lib/libpam/openpam_impl.h:pam_module_t *openpam_load_module(const char *) /usr/main-src/contrib/openpam/lib/libpam/openpam_configure.c: if ((this->module = openpam_load_module(modulename)) == NULL) { /usr/main-src/contrib/openpam/lib/libpam/openpam_load.c:openpam_load_module(const char *modulename) pam_module_t * openpam_load_module(const char *modulename) { pam_module_t *module; module = openpam_dynamic(modulename); . . . return (module); } That eventually gets to the likes of: static void * try_dlopen(const char *modfn) { int check_module_file; void *dlh; . . . if ((dlh = dlopen(modfn, RTLD_NOW)) == NULL) { openpam_log(PAM_LOG_ERROR, "%s: %s", modfn, dlerror()); errno = 0; return (NULL); } return (dlh); } Absent that load working, pam_start also reports a failure because of the (pam_module_t *)NULL --or so I assume. === Mark Millard marklmi at yahoo.com