From owner-freebsd-ports@FreeBSD.ORG Sun Jun 10 19:11:43 2007 Return-Path: X-Original-To: ports@FreeBSD.org Delivered-To: freebsd-ports@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 923AE16A41F; Sun, 10 Jun 2007 19:11:43 +0000 (UTC) (envelope-from yar@comp.chem.msu.su) Received: from bsd.chem.msu.ru (bsd.chem.msu.ru [195.208.208.23]) by mx1.freebsd.org (Postfix) with ESMTP id 8BF3B13C44C; Sun, 10 Jun 2007 19:11:42 +0000 (UTC) (envelope-from yar@comp.chem.msu.su) Received: from bsd.chem.msu.ru (localhost [127.0.0.1]) by bsd.chem.msu.ru (8.13.8/8.13.8) with ESMTP id l5AIwwo0096337; Sun, 10 Jun 2007 22:58:58 +0400 (MSD) (envelope-from yar@comp.chem.msu.su) Received: (from yar@localhost) by bsd.chem.msu.ru (8.13.8/8.13.8/Submit) id l5AIwqFs096336; Sun, 10 Jun 2007 22:58:52 +0400 (MSD) (envelope-from yar@comp.chem.msu.su) X-Authentication-Warning: bsd.chem.msu.ru: yar set sender to yar@comp.chem.msu.su using -f Date: Sun, 10 Jun 2007 22:58:52 +0400 From: Yar Tikhiy To: david@wood2.org.uk, dinoex@FreeBSD.org, garga@FreeBSD.org, gnome@FreeBSD.org, kuriyama@FreeBSD.org, nakaji@jp.FreeBSD.org, olgeni@FreeBSD.org, oliver@FreeBSD.org, pirzyk@FreeBSD.org, ports@FreeBSD.org, robin@isometry.net, sergei@FreeBSD.org, thomas@bsdunix.ch, timur@gnu.org, xride@FreeBSD.org Message-ID: <20070610185852.GA96312@bsd.chem.msu.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.15 (2007-04-06) X-Mailman-Approved-At: Sun, 10 Jun 2007 20:04:00 +0000 Cc: Subject: HEADS UP: a change to PAM affecting some ports X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Jun 2007 19:11:43 -0000 Hi there, As per discussion with re@ and the PAM maintainer, I'm about to commit a change to CURRENT's pam_nologin(8) that needs consequent changes to pam.conf(5) files. Namely, the module's PAM function class will change from "auth" to "account". How ports are concerned: First of all, a few ports install functional or sample pam.d files refering to pam_nologin.so. In order to be compatible with old and new pam_nologin.so and not care about the system version, such ports can list the module in their pam.conf(5) files under both function classes: # auth auth required pam_nologin.so no_warn # account account required pam_nologin.so Some attention may be needed to ports that describe in their documentation or install messages how to set up PAM for them. Such ports can suggest the backward-compatible setup, too. Another option is to tell that in FreeBSD 7.0 and later pam_nologin should be listed under "account". Finally, there are ports for sysadmin consoles and GUIs that can configure pam.d files. Such ports may need upstream changes in case they can handle FreeBSD pam.d at all. The most prudent ports can use __FreeBSD_version / OSVERSION of 700045 to detect the change point. After some grep'ing of the ports tree and packages-current, I got the following list of ports grouped by the way of their using, or refering to, pam_nologin.so. This heads-up message is addressed to the maintainers of those ports. Please locate ports you maintain and make appropriate changes if needed. Feel free to contact me for tech details if in doubt. Thank you, and excuse me for loading you with the work! Here's the list, with some notes in parentheses: >>> installs a functional file in pam.d: net/radiusd-cistron (BUG: seems to use wrong location of ${prefix}/pam.d in the package archive) x11/wdm >>> installs a sample pam.d file in examples: ftp/pure-ftpd mail/anubis security/cyrus-sasl (maintained by ports@) >>> mentions pam_nologin.so usage in documentation: japanese/samba japanese/samba3 mail/dovecot mail/perdition (installs a Linux-specifix pam.conf example in share/doc) net/freeradius net/freeradius-mysql net/samba3 security/courier-authlib-base security/pam_smb (maintained by ports@) >>> suggests pam.conf(5) lines in install messages: x11/xscreensaver-gnome >>> operates on pam.d files: sysutils/psgconf sysutils/webmin (seems to handle Linux PAM only) >>> END -- Yar