conf/137586: Need to build pam_ssh module even if openssh is not built

Kevin at es.net Kevin at es.net
Sun Aug 9 01:40:02 UTC 2009


>Number:         137586
>Category:       conf
>Synopsis:       Need to build pam_ssh module even if openssh is not built
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Aug 09 01:40:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Kevin Oberman
>Release:        FreeBSD 8.0-BETA2 i386
>Organization:
>Environment:
System: FreeBSD pak.es.net 8.0-BETA2 FreeBSD 8.0-BETA2 #0: Sat Aug  8 16:32:15 PDT 2009 root at slan.es.net:/usr/obj/usr/src/sys/IBM-T43 i386


	
>Description:
	
When the ports version of OpenSSH and WITHOUT_SSH is used to prevent
over-writing the ports version with the base version when updating the system,
pam_ssh is not made. If this is a fresh build from scratch, this breaks PAM
SSH. If not, the old module will be used, which may lack security fixes.
>How-To-Repeat:
	
Clean out sources and /usr/obj and add WITHOUT_OPENSSH=YES to /etc/src.conf.
buildworld.
>Fix:
--- lib/libpam/modules/modules.inc.orig	2006-03-17 10:54:27.000000000 -0800
+++ lib/libpam/modules/modules.inc	2009-08-07 13:45:11.000000000 -0700
@@ -26,8 +26,6 @@
 MODULES		+= pam_rootok
 MODULES		+= pam_securetty
 MODULES		+= pam_self
-.if ${MK_OPENSSH} != "no"
 MODULES		+= pam_ssh
-.endif
 MODULES		+= pam_tacplus
 MODULES		+= pam_unix
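
Review bot: Dropping the `.if ${MK_OPENSSH} != "no"` guard around `MODULES += pam_ssh` makes the module build unconditionally, but nothing in this hunk shows that pam_ssh can compile and link in a tree built with WITHOUT_OPENSSH=YES. Before committing, confirm with the buildworld from How-To-Repeat that pam_ssh builds without whatever the knob skips; if it cannot, keep the conditional and address the dependency instead. A short comment above the line stating that pam_ssh is deliberately built regardless of MK_OPENSSH would keep the guard from being reintroduced later.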

	


>Release-Note:
>Audit-Trail:
>Unformatted:

