Date: Sat, 8 Aug 2009 18:24:41 -0700 (PDT) From: Kevin@es.net, "Oberman <oberman.net"@es.net To: FreeBSD-gnats-submit@FreeBSD.org Subject: conf/137586: Need to build pam_ssh module even it openssh is not built Message-ID: <20090809012442.007D95C58@slan.es.net> Resent-Message-ID: <200908090140.n791e1gh068097@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 137586
>Category: conf
>Synopsis: Need to build pam_ssh module even it openssh is not built
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Aug 09 01:40:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Kevin Oberman
>Release: FreeBSD 8.0-BETA2 i386
>Organization:
>Environment:
System: FreeBSD pak.es.net 8.0-BETA2 FreeBSD 8.0-BETA2 #0: Sat Aug 8 16:32:15 PDT 2009 root@slan.es.net:/usr/obj/usr/src/sys/IBM-T43 i386
>Description:
When the ports versionm of OpenSSH ind WITHOUT_SSH is used to prevent
over-writing the ports version with the base version when updating the system,
pam_ssh is not made. If this is a fresh build from scratch, this breaks PAM
SSH. If not, the old module will be used which may lack security fixes.
.
>How-To-Repeat:
Clean out sources and /usr/obj and add WITHOUT_OPENSSH=YES to /etc/src.conf.
buildworld.
>Fix:
--- lib/libpam/modules/modules.inc.orig 2006-03-17 10:54:27.000000000 -0800
+++ lib/libpam/modules/modules.inc 2009-08-07 13:45:11.000000000 -0700
@@ -26,8 +26,6 @@
MODULES += pam_rootok
MODULES += pam_securetty
MODULES += pam_self
-.if ${MK_OPENSSH} != "no"
MODULES += pam_ssh
-.endif
MODULES += pam_tacplus
MODULES += pam_unix
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090809012442.007D95C58>