Re: PAM issues in -CURRENT (supplement)

2007-09-01 Thread Rolf G Nielsen

Mel wrote:
> On Saturday 01 September 2007 14:36:13 Rolf G Nielsen wrote:
> > Mel wrote:
> > > On Saturday 01 September 2007 10:54:58 Rolf G Nielsen wrote:
> > >> I just installed 7.0-CURRENT (after someone said on this list that it's
> > >> very stable and there are very few bugs left). So far it seems to work
> > >> fine, but there's one thing that bothers me. I repeatedly get the
> > >> following messages in the console:
> > >>
> > >> in openpam_dispatch(): pam_nologin.so: no pam_sm_authenticate()
> > >> in openpam_dispatch(): pam_nologin.so: no pam_sm_setcred()
> > >>
> > >> One of those, or sometimes both, appear every time someone logs in, and
> > >> since I use fetchmail to get mail from several accounts and deliver them
> > >> locally, and then a local POP3 server from which my mail clients get
> > >> the mail, the logins, and thus the warning/error messages, are quite
> > >> frequent.
> > >>
> > >> Now for my actual questions:
> > >>
> > >> 1. How severe are those messages? Should I assume that there are
> > >> security holes?
> > >
> > > Don't think so. I think you didn't recompile PAM-aware software (like
> > > fetchmail and qpopper) so PAM warns you they didn't call the proper
> > > functions.
> > >
> > >> 2. How do I get rid of the messages? No matter how severe they are, I do
> > >> NOT want them filling up the console. So how could I correct the
> > >> problem?
> > >
> > > Silence it by altering auth.notice to auth.none on the /dev/console line
> > > in /etc/syslog.conf and then restart syslogd (/etc/rc.d/syslogd restart).
> > >
> > >> 2a. Why do those messages appear at all? Could I have done something
> > >> wrong when building and installing world and/or kernel?
> > >
> > > I think it's mostly the port software. Sshd for instance shouldn't
> > > generate this problem.
> >
> > Here's exactly what I've done:
> >
> > 1. I downloaded the sources into a separate source tree (to keep the 6.2
> > sources if I wanted to roll back), /usr/src7.
>
> Aha! [1]
>
> > k. mergemaster
>
> [1] Are you sure temproot was made using /usr/src7 and not /usr/src?
>
> I'm pretty sure this is the culprit. The only thing different that I did, was
> using a cross-partition install (so that machine can boot -stable
> and -current) and the major diff with that is, that you get a virgin /etc/.
>
> Another minor diff is that you're recommended to recompile after booting
> into -current, however, I still have the auth log from the first boot and did
> not find any messages similar to yours, which I should have if it's a problem
> in -current.
>
> If you suspect the mergemaster problem:
> mv /usr/src /usr/src6
> ln -s /usr/src7 /usr/src
> mergemaster

Thanks for the tip. I'll give it a go.

--

Sincerely,

Rolf Nielsen
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: PAM issues in -CURRENT (supplement)

2007-09-01 Thread Mel
On Saturday 01 September 2007 14:36:13 Rolf G Nielsen wrote:
> Mel wrote:
> > On Saturday 01 September 2007 10:54:58 Rolf G Nielsen wrote:
> >> I just installed 7.0-CURRENT (after someone said on this list that it's
> >> very stable and there are very few bugs left). So far it seems to work
> >> fine, but there's one thing that bothers me. I repeatedly get the
> >> following messages in the console:
> >>
> >> in openpam_dispatch(): pam_nologin.so: no pam_sm_authenticate()
> >> in openpam_dispatch(): pam_nologin.so: no pam_sm_setcred()
> >>
> >> One of those, or sometimes both, appear every time someone logs in, and
> >> since I use fetchmail to get mail from several accounts and deliver them
> >> locally, and then a local POP3 server from which my mail clients get
> >> the mail, the logins, and thus the warning/error messages, are quite
> >> frequent.
> >>
> >> Now for my actual questions:
> >>
> >> 1. How severe are those messages? Should I assume that there are
> >> security holes?
> >
> > Don't think so. I think you didn't recompile PAM-aware software (like
> > fetchmail and qpopper) so PAM warns you they didn't call the proper
> > functions.
> >
> >> 2. How do I get rid of the messages? No matter how severe they are, I do
> >> NOT want them filling up the console. So how could I correct the
> >> problem?
> >
> > Silence it by altering auth.notice to auth.none on the /dev/console line
> > in /etc/syslog.conf and then restart syslogd (/etc/rc.d/syslogd restart).
> >
> >> 2a. Why do those messages appear at all? Could I have done something
> >> wrong when building and installing world and/or kernel?
> >
> > I think it's mostly the port software. Sshd for instance shouldn't
> > generate this problem.
>
> Here's exactly what I've done:
>
> 1. I downloaded the sources into a separate source tree (to keep the 6.2
> sources if I wanted to roll back), /usr/src7.

Aha! [1]


> k. mergemaster

[1] Are you sure temproot was made using /usr/src7 and not /usr/src?

I'm pretty sure this is the culprit. The only thing different that I did, was 
using a cross-partition install (so that machine can boot -stable 
and -current) and the major diff with that is, that you get a virgin /etc/.

Another minor diff is that you're recommended to recompile after booting 
into -current, however, I still have the auth log from the first boot and did 
not find any messages similar to yours, which I should have if it's a problem 
in -current.

If you suspect the mergemaster problem:
mv /usr/src /usr/src6
ln -s /usr/src7 /usr/src
mergemaster

-- 
Mel

People using reply to all on lists, must think I need 2 copies.


Re: PAM issues in -CURRENT (supplement)

2007-09-01 Thread Rolf G Nielsen

Mel wrote:
> On Saturday 01 September 2007 10:54:58 Rolf G Nielsen wrote:
> > I just installed 7.0-CURRENT (after someone said on this list that it's
> > very stable and there are very few bugs left). So far it seems to work
> > fine, but there's one thing that bothers me. I repeatedly get the
> > following messages in the console:
> >
> > in openpam_dispatch(): pam_nologin.so: no pam_sm_authenticate()
> > in openpam_dispatch(): pam_nologin.so: no pam_sm_setcred()
> >
> > One of those, or sometimes both, appear every time someone logs in, and
> > since I use fetchmail to get mail from several accounts and deliver them
> > locally, and then a local POP3 server from which my mail clients get
> > the mail, the logins, and thus the warning/error messages, are quite
> > frequent.
> >
> > Now for my actual questions:
> >
> > 1. How severe are those messages? Should I assume that there are
> > security holes?
>
> Don't think so. I think you didn't recompile PAM-aware software (like
> fetchmail and qpopper) so PAM warns you they didn't call the proper
> functions.
>
> > 2. How do I get rid of the messages? No matter how severe they are, I do
> > NOT want them filling up the console. So how could I correct the problem?
>
> Silence it by altering auth.notice to auth.none on the /dev/console line
> in /etc/syslog.conf and then restart syslogd (/etc/rc.d/syslogd restart).
>
> > 2a. Why do those messages appear at all? Could I have done something
> > wrong when building and installing world and/or kernel?
>
> I think it's mostly the port software. Sshd for instance shouldn't generate
> this problem.




Here's exactly what I've done:

1. I downloaded the sources into a separate source tree (to keep the 6.2 
sources if I wanted to roll back), /usr/src7.


2. I copied my kernel config file from /usr/src/sys/i386/conf to 
/usr/src7/sys/i386/conf.


3. I edited the kernel config file, comparing it to 
/usr/src7/sys/conf/NOTES and /usr/src7/sys/i386/conf/NOTES, to remove 
any deprecated options and possibly add new options I might be interested in.


4. I edited config files, to temporarily disable autoload of nvidia 
driver, starting up xdm and some apps such as fetchmail and popd.


5. (leaving out obvious bits, such as mounting and cd'ing)
a. make -DALWAYS_CHECK_MAKE buildworld
b. make -DALWAYS_CHECK_MAKE KERNCONF=TRAPPER buildkernel
c. make -DALWAYS_CHECK_MAKE KERNCONF=TRAPPER KODIR=/boot/testkernel installkernel
d. nextboot -k testkernel (to make sure new kernel would boot)
e. reboot
f. make -DALWAYS_CHECK_MAKE KERNCONF=TRAPPER installkernel
g. reboot into single user
h. mergemaster -p
i. make -DALWAYS_CHECK_MAKE installworld
j. make delete-old
k. mergemaster
l. reboot

6. Here's when I first noticed those warnings

7.
a. portupgrade -fax nvidia-driver
b. portupgrade -f nvidia-driver

8. I edited the config files to re-enable what I disabled in 4.

9. reboot.

I'd be happy to send anyone my kernel config file, if you think that 
might be the cause.


--

Sincerely,

Rolf Nielsen


Re: PAM issues in -CURRENT

2007-09-01 Thread Mel
On Saturday 01 September 2007 14:05:51 Rolf G Nielsen wrote:
> Mel wrote:
> > On Saturday 01 September 2007 10:54:58 Rolf G Nielsen wrote:
> >> I just installed 7.0-CURRENT (after someone said on this list that it's
> >> very stable and there are very few bugs left). So far it seems to work
> >> fine, but there's one thing that bothers me. I repeatedly get the
> >> following messages in the console:
> >>
> >> in openpam_dispatch(): pam_nologin.so: no pam_sm_authenticate()
> >> in openpam_dispatch(): pam_nologin.so: no pam_sm_setcred()
> >>
> >> One of those, or sometimes both, appear every time someone logs in, and
> >> since I use fetchmail to get mail from several accounts and deliver them
> >> locally, and then a local POP3 server from which my mail clients get
> >> the mail, the logins, and thus the warning/error messages, are quite
> >> frequent.
> >>
> >> Now for my actual questions:
> >>
> >> 1. How severe are those messages? Should I assume that there are
> >> security holes?
> >
> > Don't think so. I think you didn't recompile PAM-aware software (like
> > fetchmail and qpopper) so PAM warns you they didn't call the proper
> > functions.
> >
> >> 2. How do I get rid of the messages? No matter how severe they are, I do
> >> NOT want them filling up the console. So how could I correct the
> >> problem?
> >
> > Silence it by altering auth.notice to auth.none on the /dev/console line
> > in /etc/syslog.conf and then restart syslogd (/etc/rc.d/syslogd restart).
> >
> >> 2a. Why do those messages appear at all? Could I have done something
> >> wrong when building and installing world and/or kernel?
> >
> > I think it's mostly the port software. Sshd for instance shouldn't
> > generate this problem.
>
> It does it for EVERY login. Also with xdm and login. And I did forcibly
> recompile ALL ports.

How did you upgrade? Cross-partition or in-place? A current installation of a 
few days old says:
find /etc/pam.d -type f \! -name README |xargs grep FreeBSD: |
sed -e 's%^.*\(src/.*\)Exp.*$%\1%'
src/etc/pam.d/atrun,v 1.1 2007/06/15 12:02:16 yar
src/etc/pam.d/cron,v 1.1 2007/06/17 17:25:52 yar
src/etc/pam.d/ftpd,v 1.19 2007/06/10 18:57:20 yar
src/etc/pam.d/gdm,v 1.8 2007/06/10 18:57:20 yar
src/etc/pam.d/imap,v 1.7 2007/06/15 11:33:13 yar
src/etc/pam.d/kde,v 1.7 2007/06/10 18:57:20 yar
src/etc/pam.d/login,v 1.17 2007/06/10 18:57:20 yar
src/etc/pam.d/other,v 1.11 2007/06/10 18:57:20 yar
src/etc/pam.d/passwd,v 1.3 2003/04/24 12:22:42 des
src/etc/pam.d/pop3,v 1.7 2007/06/15 11:33:13 yar
src/etc/pam.d/rsh,v 1.6 2007/06/10 18:57:20 yar
src/etc/pam.d/sshd,v 1.16 2007/06/10 18:57:20 yar
src/etc/pam.d/su,v 1.16 2003/07/09 18:40:49 des
src/etc/pam.d/system,v 1.1 2003/06/14 12:35:05 des
src/etc/pam.d/telnetd,v 1.8 2007/06/10 18:57:20 yar
src/etc/pam.d/xdm,v 1.11 2007/06/10 18:57:20 yar
src/etc/pam.d/ftpd,v 1.19 2007/06/10 18:57:20 yar

If yours are different, you may need to re-run mergemaster. Otherwise, I'd 
take it to -current list, cause I don't see what you're seeing.

-- 
Mel

People using reply to all on lists, must think I need 2 copies.
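
The warnings quoted in this thread name a module and the service function OpenPAM could not find in it; pam_sm_authenticate() and pam_sm_setcred() are both auth-facility functions. As an added example (not part of the thread and not FreeBSD's own tooling), this sh script turns such a warning into the policy lines that request that function from that module; the function names and the sample policy file are constructed for illustration.

```shell
# Added example, not from the thread: map an OpenPAM "no pam_sm_*()" warning
# to the pam.d policy lines that make the dispatcher ask for that function.
# PAM service function -> facility keyword used in policy files.
facility_for() {
    case "$1" in
        pam_sm_authenticate|pam_sm_setcred)       echo auth ;;
        pam_sm_acct_mgmt)                         echo account ;;
        pam_sm_open_session|pam_sm_close_session) echo session ;;
        pam_sm_chauthtok)                         echo password ;;
        *) return 1 ;;
    esac
}

# "in openpam_dispatch(): MODULE: no FUNC()" -> "MODULE FUNC"
parse_warning() {
    printf '%s\n' "$1" |
        sed -n 's/^.*openpam_dispatch(): \([^:]*\): no \(pam_sm_[a-z_]*\)().*$/\1 \2/p'
}

# find_offending DIR WARNING: print file:line for every active policy line in
# DIR that lists the warned-about module under the facility that needs FUNC.
find_offending() {
    set -- "$1" $(parse_warning "$2")
    [ $# -eq 3 ] || { echo "unrecognised warning" >&2; return 2; }
    fac=$(facility_for "$3") || return 2
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v fac="$fac" -v mod="$2" -v file="$f" '
            $1 ~ /^#/ || NF < 3 { next }          # comments and blank lines
            $1 == fac { n = split($3, p, "/")     # module may be a full path
                        if (p[n] == mod) printf "%s:%d: %s\n", file, NR, $0 }
        ' "$f"
    done
}

# Constructed sample policy shaped like a stale pam.d file (not a real one).
make_demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/login" <<'EOF'
# constructed sample
auth      required    pam_nologin.so   no_warn
auth      include     system
account   required    pam_nologin.so
EOF
    echo "$d"
}
demo=$(make_demo)
find_offending "$demo" 'in openpam_dispatch(): pam_nologin.so: no pam_sm_authenticate()'
rm -rf "$demo"
```

On a live system the first argument would be /etc/pam.d; lines pulled in through `include` are reported in the file that actually contains them.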


Re: PAM issues in -CURRENT

2007-09-01 Thread Rolf G Nielsen

Mel wrote:
> On Saturday 01 September 2007 10:54:58 Rolf G Nielsen wrote:
> > I just installed 7.0-CURRENT (after someone said on this list that it's
> > very stable and there are very few bugs left). So far it seems to work
> > fine, but there's one thing that bothers me. I repeatedly get the
> > following messages in the console:
> >
> > in openpam_dispatch(): pam_nologin.so: no pam_sm_authenticate()
> > in openpam_dispatch(): pam_nologin.so: no pam_sm_setcred()
> >
> > One of those, or sometimes both, appear every time someone logs in, and
> > since I use fetchmail to get mail from several accounts and deliver them
> > locally, and then a local POP3 server from which my mail clients get
> > the mail, the logins, and thus the warning/error messages, are quite
> > frequent.
> >
> > Now for my actual questions:
> >
> > 1. How severe are those messages? Should I assume that there are
> > security holes?
>
> Don't think so. I think you didn't recompile PAM-aware software (like
> fetchmail and qpopper) so PAM warns you they didn't call the proper
> functions.
>
> > 2. How do I get rid of the messages? No matter how severe they are, I do
> > NOT want them filling up the console. So how could I correct the problem?
>
> Silence it by altering auth.notice to auth.none on the /dev/console line
> in /etc/syslog.conf and then restart syslogd (/etc/rc.d/syslogd restart).
>
> > 2a. Why do those messages appear at all? Could I have done something
> > wrong when building and installing world and/or kernel?
>
> I think it's mostly the port software. Sshd for instance shouldn't generate
> this problem.




It does it for EVERY login. Also with xdm and login. And I did forcibly
recompile ALL ports.


--

Sincerely,

Rolf Nielsen


Re: PAM issues in -CURRENT

2007-09-01 Thread Mel
On Saturday 01 September 2007 10:54:58 Rolf G Nielsen wrote:
> I just installed 7.0-CURRENT (after someone said on this list that it's
> very stable and there are very few bugs left). So far it seems to work
> fine, but there's one thing that bothers me. I repeatedly get the
> following messages in the console:
>
> in openpam_dispatch(): pam_nologin.so: no pam_sm_authenticate()
> in openpam_dispatch(): pam_nologin.so: no pam_sm_setcred()
>
> One of those, or sometimes both, appear every time someone logs in, and
> since I use fetchmail to get mail from several accounts and deliver them
> locally, and then a local POP3 server from which my mail clients get
> the mail, the logins, and thus the warning/error messages, are quite
> frequent.
>
> Now for my actual questions:
>
> 1. How severe are those messages? Should I assume that there are
> security holes?

Don't think so. I think you didn't recompile PAM-aware software (like 
fetchmail and qpopper) so PAM warns you they didn't call the proper 
functions.

> 2. How do I get rid of the messages? No matter how severe they are, I do
> NOT want them filling up the console. So how could I correct the problem?

Silence it by altering auth.notice to auth.none on the /dev/console line 
in /etc/syslog.conf and then restart syslogd (/etc/rc.d/syslogd restart).

> 2a. Why do those messages appear at all? Could I have done something
> wrong when building and installing world and/or kernel?

I think it's mostly the port software. Sshd for instance shouldn't generate 
this problem.

-- 
Mel


PAM issues in -CURRENT

2007-09-01 Thread Rolf G Nielsen
I just installed 7.0-CURRENT (after someone said on this list that it's 
very stable and there are very few bugs left). So far it seems to work 
fine, but there's one thing that bothers me. I repeatedly get the 
following messages in the console:


in openpam_dispatch(): pam_nologin.so: no pam_sm_authenticate()
in openpam_dispatch(): pam_nologin.so: no pam_sm_setcred()

One of those, or sometimes both, appear every time someone logs in, and 
since I use fetchmail to get mail from several accounts and deliver them 
locally, and then a local POP3 server from which my mail clients get
the mail, the logins, and thus the warning/error messages, are quite 
frequent.


Now for my actual questions:

1. How severe are those messages? Should I assume that there are 
security holes?


2. How do I get rid of the messages? No matter how severe they are, I do 
NOT want them filling up the console. So how could I correct the problem?


2a. Why do those messages appear at all? Could I have done something 
wrong when building and installing world and/or kernel?


--

Sincerely,

Rolf Nielsen