From owner-freebsd-ports@FreeBSD.ORG  Mon Feb 25 17:50:48 2013
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id E9892C1A;
 Mon, 25 Feb 2013 17:50:48 +0000 (UTC) (envelope-from stb@lassitu.de)
Received: from gilb.zs64.net (gilb.zs64.net [IPv6:2a00:14b0:4200:32e0::1ea])
 by mx1.freebsd.org (Postfix) with ESMTP id AD69AB1B;
 Mon, 25 Feb 2013 17:50:48 +0000 (UTC)
Received: by gilb.zs64.net (Postfix, from stb@lassitu.de) id 1FCB715E17B;
 Mon, 25 Feb 2013 17:50:46 +0000 (UTC)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
Subject: pam_ssh_agent_auth: ENOENT
From: Stefan Bethke <stb@lassitu.de>
In-Reply-To: <CA+7WWSdy_KxXRX2zVyPU6-F5uwpNTwEYsNnVvpEOYw+rXzvpLw@mail.gmail.com>
Date: Mon, 25 Feb 2013 18:50:42 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <6C2D19D2-A599-4B6A-89CC-D32DF685926F@lassitu.de>
References: <CA+7WWSfx0viznxyjueEjVjgWzXLy6wqsv+kjMaW2Cp98y3yV4g@mail.gmail.com>
 <CA+7WWSdS-QMgLz4cyPJbjC_yAn4CWvpKwCbKcpR4HxrznGos=w@mail.gmail.com>
 <7A12B6B7-BE3F-4E0A-99C5-61348CA7E028@lassitu.de>
 <B9524981-A0C5-417C-BD53-CD658BE59E09@lassitu.de>
 <CA+7WWSdy_KxXRX2zVyPU6-F5uwpNTwEYsNnVvpEOYw+rXzvpLw@mail.gmail.com>
To: Kimmo Paasiala <kpaasial@gmail.com>
X-Mailer: Apple Mail (2.1499)
Cc: freebsd-ports@freebsd.org, miwi@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Feb 2013 17:50:49 -0000


Am 20.02.2013 um 16:34 schrieb Kimmo Paasiala <kpaasial@gmail.com>:

> On Wed, Feb 6, 2013 at 12:28 AM, Stefan Bethke <stb@lassitu.de> wrote:
>>=20
>>> I can confirm that with the new port version on a two day old =
current, the module doesn't work:
>>> $ uname -a
>>> FreeBSD freebsd-current.lassitu.de 10.0-CURRENT FreeBSD 10.0-CURRENT =
#0 r246283: Sun Feb  3 16:55:16 CET 2013     =
root@freebsd-current.lassitu.de:/usr/obj/usr/src/sys/GENERIC  amd64
>>> $ pkg info|grep pam
>>> pam_ssh_agent_auth-0.9.4       PAM module which permits =
authentication via ssh-agent
>>> $ sudo ls
>>> sudo: unable to initialize PAM: No error: 0
>>>=20
>>> If I downgrade to the previous port version (and apply Kimmo's =
patch), it's working properly.
>>=20
>>=20
>> Here's a slightly different error message on 9-stable:
>> $ uname -a
>> FreeBSD diesel.lassitu.de 9.1-STABLE FreeBSD 9.1-STABLE #7 r245996: =
Sun Jan 27 22:36:05 CET 2013     =
root@diesel.lassitu.de:/usr/obj/usr/src/sys/DIESEL  amd64
>> stb@diesel:~$ sudo ls
>> sudo: unable to initialize PAM: No such file or directory
>=20
> Latest version pam_ssh_agent_auth-0.9.4_1 seems to finally work
> without any extra patches when built on a 9.1-RELEASE system.

Hhm, with a 9.1-stable from this morning, I'm still getting ENOENT.  Can =
you spot anything different in my setup?


My /usr/local/etc/pam.d/sudo looks like this:
#
# PAM configuration for the "sudo" service
#

# auth
auth		sufficient	/usr/local/lib/pam_ssh_agent_auth.so =
file=3D~/.ssh/authorized_keys
auth		include		system

# account
account		include		system

# session
# XXX: pam_lastlog (used in system) causes users to appear as though
# they are no longer logged in in system logs.
session		required	pam_permit.so

# password
password	include		system

/var/log/messages reports:
Feb 25 17:41:01 lokschuppen sudo: in openpam_load_module(): no =
/usr/local/lib/pam_ssh_agent_auth found
Feb 25 17:41:01 lokschuppen sudo:      stb : unable to initialize PAM : =
No such file or directory ; TTY=3Dpts/0 ; PWD=3D/root/eisenboot ; =
USER=3Droot ; COMMAND=3D/bin/ls
# ls -l /usr/local/lib/pam_ssh_agent_auth.so=20
-rwxr-xr-x  1 root  wheel  100194 Feb 25 08:48 =
/usr/local/lib/pam_ssh_agent_auth.so*
# pkg_info|grep pam_ssh
pam_ssh_agent_auth-0.9.4_1 PAM module which permits authentication via =
ssh-agent
# ldd /usr/local/lib/pam_ssh_agent_auth.so =20
/usr/local/lib/pam_ssh_agent_auth.so:
	libcrypto.so.6 =3D> /lib/libcrypto.so.6 (0x801214000)
	libutil.so.9 =3D> /lib/libutil.so.9 (0x8015bc000)
	libpam.so.5 =3D> /usr/lib/libpam.so.5 (0x8017cf000)
	libcrypt.so.5 =3D> /lib/libcrypt.so.5 (0x8019d7000)
	libc.so.7 =3D> /lib/libc.so.7 (0x80081b000)

What other reasons could PAM have to report ENOENT?

This is the same configuration that used to work with the earlier =
version.


Stefan

--=20
Stefan Bethke <stb@lassitu.de>   Fon +49 151 14070811