PAM issues in -CURRENT (supplement)

Rolf G Nielsen listreader at lazlarlyricon.com
Sat Sep 1 05:56:46 PDT 2007


Mel wrote:
> On Saturday 01 September 2007 10:54:58 Rolf G Nielsen wrote:
>> I just installed 7.0-CURRENT (after someone said on this list that it's
>> very stable and there are very few bugs left). So far it seems to work
>> fine, but there's one thing that bothers me. I repeatedly get the
>> following messages in the console:
>>
>> in openpam_dispatch(): pam_nologin.so: no pam_sm_authenticate()
>> in openpam_dispatch(): pam_nologin.so: no pam_sm_setcred()
>>
>> One of those, or sometimes both, appear every time someone logs in, and
>> since I use fetchmail to get mail from several accounts and deliver them
>> locally, and then a local POP3 server from which my mail clients get
>> the mail, the logins, and thus the warning/error messages, are quite
>> frequent.
>>
>> Now for my actual questions:
>>
>> 1. How severe are those messages? Should I assume that there are
>> security holes?
> 
> Don't think so. I think you didn't recompile PAM-aware software (like 
> fetchmail and qpopper) so PAM warns you they didn't call the proper 
> functions.
> 
>> 2. How do I get rid of the messages? No matter how severe they are, I do
>> NOT want them filling up the console. So how could I correct the problem?
> 
> Silence it by altering auth.notice to auth.none on the /dev/console line 
> in /etc/syslog.conf and then restart syslogd (/etc/rc.d/syslogd restart).
> 
>> 2a. Why do those messages appear at all? Could I have done something
>> wrong when building and installing world and/or kernel?
> 
> I think it's mostly the port software. Sshd for instance shouldn't generate 
> this problem.
> 

Here's exactly what I've done:

1. I downloaded the sources into a separate source tree (to keep the 6.2 
sources if I wanted to roll back), /usr/src7.

2. I copied my kernel config file from /usr/src/sys/i386/conf to 
/usr/src7/sys/i386/conf.

3. I edited the kernel config file, comparing it to 
/usr/src7/sys/conf/NOTES and /usr/src7/sys/i386/conf/NOTES, to remove 
any deprecated options and possibly add new options I might be interested in.

4. I edited config files, to temporarily disable autoload of nvidia 
driver, starting up xdm and some apps such as fetchmail and popd.

5. (leaving out obvious bits, such as mounting and cd'ing)
a. make -DALWAYS_CHECK_MAKE buildworld
b. make -DALWAYS_CHECK_MAKE KERNCONF=TRAPPER buildkernel
c. make -DALWAYS_CHECK_MAKE KERNCONF=TRAPPER KODIR=/boot/testkernel installkernel
d. nextboot -k testkernel (to make sure new kernel would boot)
e. reboot
f. make -DALWAYS_CHECK_MAKE KERNCONF=TRAPPER installkernel
g. reboot into single user
h. mergemaster -p
i. make -DALWAYS_CHECK_MAKE installworld
j. make delete-old
k. mergemaster
l. reboot

6. Here's when I first noticed those warnings

7.
a. portupgrade -fax nvidia-driver
b. portupgrade -f nvidia-driver

8. I edited the config files to re-enable what I disabled in 4.

9. reboot.

I'd be happy to send anyone my kernel config file, if you think that 
might be the cause.

-- 

Sincerely,

Rolf Nielsen
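
The following is an added example, not part of the original message or of FreeBSD: a small sh/awk filter that tallies console lines in the `openpam_dispatch()` format quoted above by module and missing function, and names the PAM facility that function belongs to. The function names `tally_openpam` and `sample_log`, the syslog prefixes, host name and PIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise OpenPAM "no pam_sm_*()" messages.
# Output: "<count> <module> <missing function> <PAM facility>", one per pair.

tally_openpam() {
    awk '
    BEGIN {
        # Standard PAM service functions and the facility that invokes them.
        fac["pam_sm_authenticate"]  = "auth"
        fac["pam_sm_setcred"]       = "auth"
        fac["pam_sm_acct_mgmt"]     = "account"
        fac["pam_sm_open_session"]  = "session"
        fac["pam_sm_close_session"] = "session"
        fac["pam_sm_chauthtok"]     = "password"
    }
    /in openpam_dispatch\(\): .*: no pam_sm_[a-z_]+\(\)/ {
        line = $0
        sub(/^.*in openpam_dispatch\(\): /, "", line)  # drop any syslog prefix
        split(line, part, ": no ")                     # module, "pam_sm_x()"
        fn = part[2]
        sub(/\(\).*$/, "", fn)                         # strip "()"
        count[part[1] " " fn]++
    }
    END {
        for (k in count) {
            split(k, p, " ")
            f = (p[2] in fac) ? fac[p[2]] : "unknown"
            printf "%d %s %s %s\n", count[k], p[1], p[2], f
        }
    }' | LC_ALL=C sort -k2,3
}

# Constructed sample input (host name, daemons, PIDs and times are made up).
sample_log() {
    cat <<'EOF'
Sep  1 12:00:01 host popd[501]: in openpam_dispatch(): pam_nologin.so: no pam_sm_authenticate()
Sep  1 12:00:01 host popd[501]: in openpam_dispatch(): pam_nologin.so: no pam_sm_setcred()
Sep  1 12:05:01 host popd[533]: in openpam_dispatch(): pam_nologin.so: no pam_sm_authenticate()
Sep  1 12:05:02 host sshd[540]: Accepted publickey for user from 192.0.2.10
EOF
}

sample_log | tally_openpam
```

The last column is the facility whose policy lines invoked the module, so it shows which kind of line in a service's PAM configuration referenced `pam_nologin.so` when the message was logged.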

