pam_ssh_agent_auth: ENOENT
Stefan Bethke
stb at lassitu.de
Mon Feb 25 17:50:49 UTC 2013
Am 20.02.2013 um 16:34 schrieb Kimmo Paasiala <kpaasial at gmail.com>:
> On Wed, Feb 6, 2013 at 12:28 AM, Stefan Bethke <stb at lassitu.de> wrote:
>>
>>> I can confirm that with the new port version on a two day old current, the module doesn't work:
>>> $ uname -a
>>> FreeBSD freebsd-current.lassitu.de 10.0-CURRENT FreeBSD 10.0-CURRENT #0 r246283: Sun Feb 3 16:55:16 CET 2013 root at freebsd-current.lassitu.de:/usr/obj/usr/src/sys/GENERIC amd64
>>> $ pkg info|grep pam
>>> pam_ssh_agent_auth-0.9.4 PAM module which permits authentication via ssh-agent
>>> $ sudo ls
>>> sudo: unable to initialize PAM: No error: 0
>>>
>>> If I downgrade to the previous port version (and apply Kimmo's patch), it's working properly.
>>
>>
>> Here's a slightly different error message on 9-stable:
>> $ uname -a
>> FreeBSD diesel.lassitu.de 9.1-STABLE FreeBSD 9.1-STABLE #7 r245996: Sun Jan 27 22:36:05 CET 2013 root at diesel.lassitu.de:/usr/obj/usr/src/sys/DIESEL amd64
>> stb at diesel:~$ sudo ls
>> sudo: unable to initialize PAM: No such file or directory
>
> Latest version pam_ssh_agent_auth-0.9.4_1 seems to finally work
> without any extra patches when built on a 9.1-RELEASE system.
Hhm, with a 9.1-stable from this morning, I'm still getting ENOENT. Can you spot anything different in my setup?
My /usr/local/etc/pam.d/sudo looks like this:
#
# PAM configuration for the "sudo" service
#
# auth
auth sufficient /usr/local/lib/pam_ssh_agent_auth.so file=~/.ssh/authorized_keys
auth include system
# account
account include system
# session
# XXX: pam_lastlog (used in system) causes users to appear as though
# they are no longer logged in in system logs.
session required pam_permit.so
# password
password include system
/var/log/messages reports:
Feb 25 17:41:01 lokschuppen sudo: in openpam_load_module(): no /usr/local/lib/pam_ssh_agent_auth found
Feb 25 17:41:01 lokschuppen sudo: stb : unable to initialize PAM : No such file or directory ; TTY=pts/0 ; PWD=/root/eisenboot ; USER=root ; COMMAND=/bin/ls
# ls -l /usr/local/lib/pam_ssh_agent_auth.so
-rwxr-xr-x 1 root wheel 100194 Feb 25 08:48 /usr/local/lib/pam_ssh_agent_auth.so*
# pkg_info|grep pam_ssh
pam_ssh_agent_auth-0.9.4_1 PAM module which permits authentication via ssh-agent
# ldd /usr/local/lib/pam_ssh_agent_auth.so
/usr/local/lib/pam_ssh_agent_auth.so:
libcrypto.so.6 => /lib/libcrypto.so.6 (0x801214000)
libutil.so.9 => /lib/libutil.so.9 (0x8015bc000)
libpam.so.5 => /usr/lib/libpam.so.5 (0x8017cf000)
libcrypt.so.5 => /lib/libcrypt.so.5 (0x8019d7000)
libc.so.7 => /lib/libc.so.7 (0x80081b000)
What other reasons could PAM have to report ENOENT?
This is the same configuration that used to work with the earlier version.
Stefan
--
Stefan Bethke <stb at lassitu.de> Fon +49 151 14070811
More information about the freebsd-ports
mailing list