pam_ssh_agent_auth: ENOENT

Stefan Bethke stb at lassitu.de
Mon Feb 25 17:50:49 UTC 2013 

Am 20.02.2013 um 16:34 schrieb Kimmo Paasiala <kpaasial at gmail.com>:

> On Wed, Feb 6, 2013 at 12:28 AM, Stefan Bethke <stb at lassitu.de> wrote:
>> 
>>> I can confirm that with the new port version on a two day old current, the module doesn't work:
>>> $ uname -a
>>> FreeBSD freebsd-current.lassitu.de 10.0-CURRENT FreeBSD 10.0-CURRENT #0 r246283: Sun Feb  3 16:55:16 CET 2013     root at freebsd-current.lassitu.de:/usr/obj/usr/src/sys/GENERIC  amd64
>>> $ pkg info|grep pam
>>> pam_ssh_agent_auth-0.9.4       PAM module which permits authentication via ssh-agent
>>> $ sudo ls
>>> sudo: unable to initialize PAM: No error: 0
>>> 
>>> If I downgrade to the previous port version (and apply Kimmo's patch), it's working properly.
>> 
>> 
>> Here's a slightly different error message on 9-stable:
>> $ uname -a
>> FreeBSD diesel.lassitu.de 9.1-STABLE FreeBSD 9.1-STABLE #7 r245996: Sun Jan 27 22:36:05 CET 2013     root at diesel.lassitu.de:/usr/obj/usr/src/sys/DIESEL  amd64
>> stb at diesel:~$ sudo ls
>> sudo: unable to initialize PAM: No such file or directory
> 
> Latest version pam_ssh_agent_auth-0.9.4_1 seems to finally work
> without any extra patches when built on a 9.1-RELEASE system.

Hhm, with a 9.1-stable from this morning, I'm still getting ENOENT.  Can you spot anything different in my setup?


My /usr/local/etc/pam.d/sudo looks like this:
#
# PAM configuration for the "sudo" service
#

# auth
auth		sufficient	/usr/local/lib/pam_ssh_agent_auth.so file=~/.ssh/authorized_keys
auth		include		system

# account
account		include		system

# session
# XXX: pam_lastlog (used in system) causes users to appear as though
# they are no longer logged in in system logs.
session		required	pam_permit.so

# password
password	include		system

/var/log/messages reports:
Feb 25 17:41:01 lokschuppen sudo: in openpam_load_module(): no /usr/local/lib/pam_ssh_agent_auth found
Feb 25 17:41:01 lokschuppen sudo:      stb : unable to initialize PAM : No such file or directory ; TTY=pts/0 ; PWD=/root/eisenboot ; USER=root ; COMMAND=/bin/ls
# ls -l /usr/local/lib/pam_ssh_agent_auth.so 
-rwxr-xr-x  1 root  wheel  100194 Feb 25 08:48 /usr/local/lib/pam_ssh_agent_auth.so*
# pkg_info|grep pam_ssh
pam_ssh_agent_auth-0.9.4_1 PAM module which permits authentication via ssh-agent
# ldd /usr/local/lib/pam_ssh_agent_auth.so  
/usr/local/lib/pam_ssh_agent_auth.so:
	libcrypto.so.6 => /lib/libcrypto.so.6 (0x801214000)
	libutil.so.9 => /lib/libutil.so.9 (0x8015bc000)
	libpam.so.5 => /usr/lib/libpam.so.5 (0x8017cf000)
	libcrypt.so.5 => /lib/libcrypt.so.5 (0x8019d7000)
	libc.so.7 => /lib/libc.so.7 (0x80081b000)

What other reasons could PAM have to report ENOENT?

This is the same configuration that used to work with the earlier version.


Stefan

-- 
Stefan Bethke <stb at lassitu.de>   Fon +49 151 14070811

More information about the freebsd-ports mailing list