PAM issues in -CURRENT

Mel fbsd.questions at rachie.is-a-geek.net
Sat Sep 1 05:50:22 PDT 2007


On Saturday 01 September 2007 14:05:51 Rolf G Nielsen wrote:
> Mel wrote:
> > On Saturday 01 September 2007 10:54:58 Rolf G Nielsen wrote:
> >> I just installed 7.0-CURRENT (after someone said on this list that it's
> >> very stable and there are very few bugs left). So far it seems to work
> >> fine, but there's one thing that bothers me. I repeatedly get the
> >> following messages in the console:
> >>
> >> in openpam_dispatch(): pam_nologin.so: no pam_sm_authenticate()
> >> in openpam_dispatch(): pam_nologin.so: no pam_sm_setcred()
> >>
> >> One of those, or sometimes both, appear every time someone logs in, and
> >> since I use fetchmail to get mail from several accounts and deliver them
> >> locally, and then a local POP3 server from which my mail clients gets
> >> the mail, the logins, and thus the warning/error messages, are quite
> >> frequent.
> >>
> >> Now for my actual questions:
> >>
> >> 1. How severe are those messages? Should I assume that there are
> >> security holes?
> >
> > Don't think so. I think you didn't recompile PAM-aware software (like
> > fetchmail and qpopper) so PAM warns you they didn't call the proper
> > functions.
> >
> >> 2. How do I get rid of the messages? No matter how severe they are, I do
> >> NOT want them filling up the console. So how could I correct the
> >> problem?
> >
> > Silence it by altering auth.notice to auth.none on the /dev/console line
> > in /etc/syslog.conf and then restart syslogd (/etc/rc.d/syslogd restart).
> >
> >> 2a. Why do those messages appear at all? Could I have done something
> >> wrong when building and installing world and/or kernel?
> >
> > I think it's mostly the port software. Sshd for instance shouldn't
> > generate this problem.
>
> It does it for EVERY login. Also with xdm and login. And I did forcibly
> recompiled ALL ports.

How did you upgrade? Cross-partition or in-place? A current installation of a 
few days old says:
find /etc/pam.d -type f \! -name README |xargs grep FreeBSD: |
sed -e 's%^.*\(src/.*\)Exp.*$%\1%'
src/etc/pam.d/atrun,v 1.1 2007/06/15 12:02:16 yar
src/etc/pam.d/cron,v 1.1 2007/06/17 17:25:52 yar
src/etc/pam.d/ftpd,v 1.19 2007/06/10 18:57:20 yar
src/etc/pam.d/gdm,v 1.8 2007/06/10 18:57:20 yar
src/etc/pam.d/imap,v 1.7 2007/06/15 11:33:13 yar
src/etc/pam.d/kde,v 1.7 2007/06/10 18:57:20 yar
src/etc/pam.d/login,v 1.17 2007/06/10 18:57:20 yar
src/etc/pam.d/other,v 1.11 2007/06/10 18:57:20 yar
src/etc/pam.d/passwd,v 1.3 2003/04/24 12:22:42 des
src/etc/pam.d/pop3,v 1.7 2007/06/15 11:33:13 yar
src/etc/pam.d/rsh,v 1.6 2007/06/10 18:57:20 yar
src/etc/pam.d/sshd,v 1.16 2007/06/10 18:57:20 yar
src/etc/pam.d/su,v 1.16 2003/07/09 18:40:49 des
src/etc/pam.d/system,v 1.1 2003/06/14 12:35:05 des
src/etc/pam.d/telnetd,v 1.8 2007/06/10 18:57:20 yar
src/etc/pam.d/xdm,v 1.11 2007/06/10 18:57:20 yar
src/etc/pam.d/ftpd,v 1.19 2007/06/10 18:57:20 yar

If yours are different, you may need to re-run mergemaster. Otherwise, I'd 
take it to -current list, cause I don't see what you're seeing.

-- 
Mel

People using reply to all on lists, must think I need 2 copies.


More information about the freebsd-questions mailing list