From owner-freebsd-questions@FreeBSD.ORG  Tue Mar 18 08:36:03 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 29118D08
 for <freebsd-questions@freebsd.org>; Tue, 18 Mar 2014 08:36:03 +0000 (UTC)
Received: from ipmail06.adl2.internode.on.net (ipmail06.adl2.internode.on.net
 [IPv6:2001:44b8:8060:ff02:300:1:2:6])
 by mx1.freebsd.org (Postfix) with ESMTP id B78A5BDC
 for <freebsd-questions@freebsd.org>; Tue, 18 Mar 2014 08:36:02 +0000 (UTC)
Received: from ppp118-210-75-104.lns20.adl2.internode.on.net (HELO
 leader.local) ([118.210.75.104])
 by ipmail06.adl2.internode.on.net with ESMTP; 18 Mar 2014 19:06:00 +1030
Message-ID: <5328056F.6050405@ShaneWare.Biz>
Date: Tue, 18 Mar 2014 19:05:59 +1030
From: Shane Ambler <FreeBSD@ShaneWare.Biz>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Olivier Nicole <olivier.nicole@cs.ait.ac.th>, 
 "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: Cannot authenticate after upgrade 9.1 to 9.2
References: <CA+g+BvhoYnbuaefCi-syXDrYDS1M_2+q8n0vw7NUOAZthHUVcQ@mail.gmail.com>
In-Reply-To: <CA+g+BvhoYnbuaefCi-syXDrYDS1M_2+q8n0vw7NUOAZthHUVcQ@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Mar 2014 08:36:03 -0000

On 17/03/2014 21:43, Olivier Nicole wrote:
> Hi,
> 
> I just completed an upgrade from 9.1 to 9.2, using the traditional
> way (fetch sources, make buildworld, make kernel, mergmaster -p,
> make installworld, mergemaster, make delete-old)
> 
> After I rebooted, I could not authenticate anymore: I get the error:
> 
> login: in try_dlopen(): /usr/lib/pam_skey.so: Shared object 
> "libskey.so.2" not found login: in openpam_load_module(): no
> pam_skey.so found

That would indicate that pam_skey.so wants to open libskey.so which
doesn't exist. I don't see either of those files on 8.4,9.2,10.0 or
current. The only reference to pam_skey I see in the svn logs was 13
years ago when updating to openssh 2.3.0.

make delete-old will remove these old libs, maybe you hadn't done that
in a while, or it just missed one.

I would say you can safely remove /usr/lib/pam_skey.so
You may want to make sure that it isn't listed in any pam config files

/etc/pam.d/*
/etc/pam.conf
/usr/local/etc/pam.d/*
/usr/local/etc/pam.conf

Given that you can't authenticate you would need to do this in single
user mode.

> The account on that server do not use PAM, they are plain old 
> /etc/passwd account, that have been working that way for ages (the 
> machine has been updated since version 4 or 5 I guess).

Actually PAM provides a common authentication framework that is used in
many places. Standard unix authentication works through pam_unix.so