PAM issues in -CURRENT

Mel fbsd.questions at rachie.is-a-geek.net
Sat Sep 1 04:21:09 PDT 2007


On Saturday 01 September 2007 10:54:58 Rolf G Nielsen wrote:
> I just installed 7.0-CURRENT (after someone said on this list that it's
> very stable and there are very few bugs left). So far it seems to work
> fine, but there's one thing that bothers me. I repeatedly get the
> following messages in the console:
>
> in openpam_dispatch(): pam_nologin.so: no pam_sm_authenticate()
> in openpam_dispatch(): pam_nologin.so: no pam_sm_setcred()
>
> One of those, or sometimes both, appear every time someone logs in, and
> since I use fetchmail to get mail from several accounts and deliver them
> locally, and then a local POP3 server from which my mail clients gets
> the mail, the logins, and thus the warning/error messages, are quite
> frequent.
>
> Now for my actual questions:
>
> 1. How severe are those messages? Should I assume that there are
> security holes?

Don't think so. I think you didn't recompile PAM-aware software (like 
fetchmail and qpopper) so PAM warns you they didn't call the proper 
functions.

> 2. How do I get rid of the messages? No matter how severe they are, I do
> NOT want them filling up the console. So how could I correct the problem?

Silence it by altering auth.notice to auth.none on the /dev/console line 
in /etc/syslog.conf and then restart syslogd (/etc/rc.d/syslogd restart).

> 2a. Why do those messages appear at all? Could I have done something
> wrong when building and installing world and/or kernel?

I think it's mostly the port software. Sshd for instance shouldn't generate 
this problem.

-- 
Mel


More information about the freebsd-questions mailing list