misc/153918: Consider compiling OpenPAM with debug logging support

[Stephen Fisher]

>Number:         153918
>Category:       misc
>Synopsis:       Consider compiling OpenPAM with debug logging support
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan 12 01:00:16 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Stephen Fisher
>Release:        8.1-RELEASE
>Organization:
>Environment:
FreeBSD xxx 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:36:49 UTC 2010     root at mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
The man pages for OpenPAM as distributed with the base operating system mention the "debug" option that can be used with pam modules.  However, the debug will not work unless the --enable-debug option (not --enable-debugging-symbols) is passed to OpenPAM's configuration script in /usr/src/contrib/openpam.  Once this is recompiled (along with the code in /usr/src/lib/libpam/), the debug output shows up as expected in /var/log/debug.log.

>How-To-Repeat:
Add "debug" to an authentication entry in /etc/pam.d/ such as /etc/pam.d/sshd:

auth    required        pam_unix.so             debug no_warn try_first_pass


>Fix:
Pass "--enable-debug" to configure script in /usr/src/contrib/openpam before building


>Release-Note:
>Audit-Trail:
>Unformatted: