kern/102390: [patch] kernel pppd don't using pam

Dmitry A Grigorovich odip at
Tue Aug 22 14:50:12 UTC 2006

>Number:         102390
>Category:       kern
>Synopsis:       [patch] kernel pppd don't using pam
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 22 14:50:10 GMT 2006
>Originator:     Dmitry A Grigorovich
>Release:        FreeBSD 5.5-RELEASE-p2 i386
ICiG SB RAS, Russia
System: FreeBSD 5.5-RELEASE-p2 FreeBSD 5.5-RELEASE-p2


When I try to using ldap for pppd authentication I found that
kernel pppd in FreeBSD does not using pam !

Scanning sources of pppd confirms this conclusion.


Install ldap server.
Configure your computer for ldap authentication -
use pam_ldap & nss_ldap & /etc/nsswitch.conf.
Create file /etc/pam.d/ppp

#### BOF /etc/pam.d/ppp ####

# auth
auth            required          no_warn
auth            sufficient      /usr/local/lib/      no_warn try_first_pass
auth            required             no_warn try_first_pass

# account
account         required
account         sufficient      /usr/local/lib/
account         required

# session
session         required

#### EOF ####

Ldap authentication work for sshd, ftpd,
but failed for pppd !


Patch and rebuild pppd:
cd /usr/src
patch </path/pppd-pam.patch
cd /usr/src/usr.sbin/pppd
make obj && make depend && make && make install
make clean

Restart pppd
Now pppd work with pam !!!

--- pppd-pam.patch begins here ---
--- usr.sbin/pppd/Makefile.orig	Mon Sep 19 23:11:54 2005
+++ usr.sbin/pppd/Makefile	Mon Sep 19 23:22:27 2005
@@ -11,10 +11,10 @@
 BINOWN=	root
 BINGRP=	dialer
-LDADD=	-lcrypt -lutil -lmd
+LDADD=	-lcrypt -lutil -lmd -lpam
 # Support SPX/IPX - not quite ready
--- usr.sbin/pppd/auth.c.orig	Sun Oct 26 12:01:06 2003
+++ usr.sbin/pppd/auth.c	Mon Sep 19 23:25:18 2005
@@ -771,11 +771,7 @@
 static char *PAM_username = "";
 static char *PAM_password = "";
-#ifdef PAM_ESTABLISH_CRED       /* new PAM defines :(^ */
 #define MY_PAM_STRERROR(err_code)  (char *) pam_strerror(pamh,err_code)
-#define MY_PAM_STRERROR(err_code)  (char *) pam_strerror(err_code)
 static int pam_conv (int num_msg,
                      const struct pam_message **msg,
--- pppd-pam.patch ends here ---


More information about the freebsd-bugs mailing list