n
you point me to the right
place (PAM or something, pam_env isn't available on FreeBSD)?
If this is a trivial issue and caused by lack of my personell
knowledge, please excuse.
Kind regards,
Hey, even if you manage to do that, you probably shouldn't address
your problem this way:
edirectory on any machine within the domain will still be allowed to login,
even if
the home dir is not present. They get loged in onto the root of the filesystem,
when
login via SSH.
Is there a way to prohibit login if homedir isn't present? Can you point me to
the right
place (PAM or som
w optional, and
|> a tad different) session support for my pam_xdg PAM module,
|> because i was thinking that, if such a many-eyes-seen thing of
|> a software project that claims to be and aims at being enterprise,
|> ships such a terrible and terribly broken thing, then i can als
On Mon, Sep 06, 2021 at 04:01:37PM +0200, Steffen Nurpmeso wrote:
> Eric McCorkle wrote in
> :
> |Interesting, I wasn't aware of the upstream module. I'd say that's
>
> It's existence was the reason i have readded (now optional, and
> a tad different) ses
Eric McCorkle wrote in
:
|Interesting, I wasn't aware of the upstream module. I'd say that's
It's existence was the reason i have readded (now optional, and
a tad different) session support for my pam_xdg PAM module,
because i was thinking that, if such a many-eyes-seen
Eric McCorkle wrote in
:
...
>> This patch creates a new PAM module that will load a ZFS key upon a
>> successful login: https://reviews.freebsd.org/D31844. It will use the
>> user's auth token as the key argument to loading a ZFS encryption key on
>>
uot; is your key.
In the case of the PAM module, this ends up being "direct:password".
It looks like they essentially pull in all the libzfs logic for
preparing keys. If you notice, they go directly to lzc_load_key (that
is basically a thin wrapper around the ioctl).
It's worth noti
ng will fail if someone is still
accessing my data after I'm gone.)
On 9/6/21 10:01 AM, Steffen Nurpmeso wrote:
> Eric McCorkle wrote in
> :
> |Interesting, I wasn't aware of the upstream module. I'd say that's
>
> It's existence was the reason i have re
5, 2021 4:54:26 PM GMT+03:00, Eric McCorkle
> wrote:
>> All,
>>
>> This patch creates a new PAM module that will load a ZFS key upon a
>> successful login: https://reviews.freebsd.org/D31844. It will use the
>> user's auth token as the key argument to loadi
On September 5, 2021 4:54:26 PM GMT+03:00, Eric McCorkle
wrote:
>All,
>
>This patch creates a new PAM module that will load a ZFS key upon a
>successful login: https://reviews.freebsd.org/D31844. It will use the
>user's auth token as the key argument to loading a ZFS
All,
This patch creates a new PAM module that will load a ZFS key upon a
successful login: https://reviews.freebsd.org/D31844. It will use the
user's auth token as the key argument to loading a ZFS encryption key on
a user-specific ZFS data set.
This is the other side of my changeset to
Hello all,
I have a question regarding the behavior of the PAM module, in particular
pertaining to the default behavior wherein root login is completely disabled
(even from the physical console) when the permissions on the PAM configuration
files in `/etc/pam.d/` are incorrect (anything other
his the best way to resolve
> > the strict aliasing issues in this code?
>
> I really don't like that sort of game. If you look at other PAM
> consumer code, you'll see that the common idiom is what Jilles
> suggested, i.e. use a temporary variable of the appropriate ty
his gets the module to
> WARNS=2, but to go farther, the "logically const" issues with this
> code will need to be sorted out.
>
> Is this change worth committing? Is this the best way to resolve
> the strict aliasing issues in this code?
I really don't like that sort of g
On Fri, Jul 13, 2012 at 04:14:17PM -0600, Justin T. Gibbs wrote:
> Someone who has yet to confess added -Werror to the global CFLAGS
> (via /etc/make.conf) for one of our systems at work. Before I
> figured out that this was the cause of builds failing, I hacked up
> pam_passwdc to resolve the pro
Someone who has yet to confess added -Werror to the global CFLAGS
(via /etc/make.conf) for one of our systems at work. Before I
figured out that this was the cause of builds failing, I hacked up
pam_passwdc to resolve the problem. This gets the module to
WARNS=2, but to go farther, the "logically
Doug Barton writes:
> su
> Segmentation fault: 11
Weird, I've been running it for months... I'll look into it right away.
DES
--
Dag-Erling Smørgrav - d...@des.no
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/
su
Segmentation fault: 11
no core is produced.
Currently broken: r236118
Previous r235567
sudo works.
--
This .signature sanitized for your protection
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinf
Don Lewis writes:
> building shared library libpam.so.5
> make: don't know how to make openpam.3. Stop
> *** Error code 2
Ah, yes, the man pages are generated during the release process, so you
either have to copy them over from the original contrib/openpam
directory (or export the new sources on
On 11 Jan, Dag-Erling Smørgrav wrote:
> Could you please try this:
>
> # cd /usr/src/contrib
> # mv openpam openpam.orig
> # svn export svn://svn.des.no/openpam/trunk@526 openpam
> # cd ../lib/libpam
> # make depend && make all && make install
[snip]
building shared library libpam.so.5
make: don'
Could you please try this:
# cd /usr/src/contrib
# mv openpam openpam.orig
# svn export svn://svn.des.no/openpam/trunk@526 openpam
# cd ../lib/libpam
# make depend && make all && make install
In addition to the pam.conf issue, the major changes relative to head
are reduced log spam, improved log
On 10 Jan, Dag-Erling Smørgrav wrote:
> If at any point in this conversation I seemed to make _no sense at all_,
> it was because I conflated it with a completely different OpenPAM issue
> (error reporting in openpam_dynamic.c) which has been on my mind lately.
> Sorry about that. I will attempt t
If at any point in this conversation I seemed to make _no sense at all_,
it was because I conflated it with a completely different OpenPAM issue
(error reporting in openpam_dynamic.c) which has been on my mind lately.
Sorry about that. I will attempt to address both issues in the next
release, whi
On 9 Jan, Dag-Erling Smørgrav wrote:
> Don Lewis writes:
>> After staring at the code a lot more, I see your point about the loss of
>> information. The problem is that openpam_parse_chain() returns
>> PAM_SUCCESS whether or not if found anything, but we want the loop to
>> terminate when either
Don Lewis writes:
> After staring at the code a lot more, I see your point about the loss of
> information. The problem is that openpam_parse_chain() returns
> PAM_SUCCESS whether or not if found anything, but we want the loop to
> terminate when either an error is detected or if openpam_parse_ch
On 9 Jan, Dag-Erling Smørgrav wrote:
> Don Lewis writes:
>> Dag-Erling Smørgrav writes:
>> > The culprit was this commit:
>> >
>> > http://trac.des.no/openpam/changeset/487/trunk/lib/openpam_configure.c
>> >
>> > However, I'm not confident that simply reverting this commit is the
>> > right wa
Don Lewis writes:
> Dag-Erling Smørgrav writes:
> > The culprit was this commit:
> >
> > http://trac.des.no/openpam/changeset/487/trunk/lib/openpam_configure.c
> >
> > However, I'm not confident that simply reverting this commit is the
> > right way to go.
> Thanks for the detective work. It l
On 9 Jan, Dag-Erling Smørgrav wrote:
> Don Lewis writes:
>> The documentation says that /etc/pam.conf is only used if
>> /etc/pam.d/service-name isn't found, and the code appears to agree
>> with that, however this doesn't seem to be working as expected af
Don Lewis writes:
> The documentation says that /etc/pam.conf is only used if
> /etc/pam.d/service-name isn't found, and the code appears to agree
> with that, however this doesn't seem to be working as expected after
> the latest import of PAM.
The culprit was this commi
used pam_skey. The
documentation says that /etc/pam.conf is only used if
/etc/pam.d/service-name isn't found, and the code appears to agree with
that, however this doesn't seem to be working as expected after the
latest import of PAM.
___
freeb
Whatever was just changed in the libpam family, it breaks
courier-authdaemond:
authdaemond: in openpam_load_module(): no pam_unix.so found
imb
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-curre
D from its old sources from about
> October 2010. After the upgrade I ran into an unusual problem. I've worked
> around the issue for now, but I was wondering if anyone could help me solve
> it correctly.
>
> The problem is that all PAM related operations fail inside jails
Hello all,
I upgraded my server today to a recent HEAD from its old sources from about
October 2010. After the upgrade I ran into an unusual problem. I've worked
around the issue for now, but I was wondering if anyone could help me solve it
correctly.
The problem is that all PAM re
d for
authentication), with later entries falling back to NIS or traditional
files. But this arrangement allows traditional APIs to work reasonably
--- and you can layer PAM and NSS on top of it as compatibility APIs.
--
brandon s. allbery[linux,solaris,freebsd,perl] [EMAIL PROTECTED]
syste
tory "usually the worst" for storing
authentication information?
What do you think are the correct fracture points and
how do they relate to the existing PAM/NSS frameworks?
Tim
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/ma
Garrett Wollman <[EMAIL PROTECTED]> writes:
> < =?iso-8859-1?q?Sm=F8rgrav?=) said:
> > The problem is that the authentication information needs to be stored
> > somewhere, and the usual solution is to store it in the directory,
> ...which is usually the worst possible place. Please don't penalize
< The problem is that the authentication information needs to be stored
> somewhere, and the usual solution is to store it in the directory,
...which is usually the worst possible place. Please don't penalize
those of us with sensible authentication systems.
-GAWollman
ores first and last name separately while /etc/passwd
only has the one GCOS field).
> It seems to me that this is a direct result of passwd(1) confusing
> authentication and authorization. Other than determining the default
> target user name from the current UID, passwd(1) needs only to i
t of the mud, so we
> are forced to keep rooting around in it.
What's an example of what you mean? The BSD nsswitch implementation
has a generic nsdispatch(3) that allows for new applications, but I'm
not sure that is what you mean. At any rate, it is not `NSS' proper, it
i
On Mon, 2003-12-01 at 11:48, Dag-Erling SmÃrgrav wrote:
> > If I understand you correctly, you believe that it would be possible
> > to unite the NSS and PAM switches, so that they used the same
> > configuration file, dynamic loading mechanisms, cascading, and so
> > o
On Mon, 1 Dec 2003, Dag-Erling Smørgrav wrote:
> "Jacques A. Vidrine" <[EMAIL PROTECTED]> writes:
> > By `the two', do you mean directory services and authentication? They
> > are certainly not `essentially one'. But I suspect you know this and
> > I am just misunderstanding your meaning.
>
> T
eed to
> be re-written in order to utilize NSS. That's a lot of code to change
> for little benefit.
Backward compatibility is fine, but NSS does not seem to export an API
that we can use when we want to lift ourselves out of the mud, so we
are forced to keep rooting around in it. On
eir superior
> functionality.
I guess I think of it this way. If NSS had not been implemented
`down in the mud' (inside getpw*, getgr*, gethostby*, etc.), then
applications that used the UNIX directory service APIs would need to
be re-written in order to utilize NSS. That's a
On Sat, Nov 29, 2003 at 02:01:02PM +0100, Matthias Andree wrote:
> "Jacques A. Vidrine" <[EMAIL PROTECTED]> writes:
> > NSS and PAM do not overlap.
>
> I wonder how PAM gets "system" authentication information for pam_pwdb
> or pam_unix or how it'
slave-mike wrote:
why does /bin/sh need NSS support?
1. If you are using pam_ldap, tilde expansion will be broken in /bin/sh
without nss_ldap support.
2. Tilde expansion is required for POSIX conformance.
It's not the strongest rationale. But it's something to consider.
Richard Coleman
[EMAIL
slave-mike <[EMAIL PROTECTED]> writes:
> why does /bin/sh need NSS support?
Because /bin/sh uses getpwnam(). We've been through this before.
DES
--
Dag-Erling Smørgrav - [EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mai
Richard Coleman <[EMAIL PROTECTED]> writes:
> Replacing passwd/group/NSS/PAM/whatever with a real database or
> directory backend is a kind of holy grail for Unix that's been
> discussed for many years.
You're mixing apples and oranges here. NSS and PAM are not backend
t;> > adopting this cool infrastructure if all you are going to do with it
>> > is make a better PAM out of it?
>>
>> The important thing is that NSS allows to plug modules such as LDAP or
>> PostgreSQL for user base management. PAM is only halfway there
why does /bin/sh need NSS support?
Jacques A. Vidrine wrote:
[Threading intentionally broken.]
On Sat, Nov 29, 2003 at 01:16:25AM +0100, Dag-Erling Sm?rgrav wrote:
"Jacques A. Vidrine" <[EMAIL PROTECTED]> writes:
NSS and PAM do not overlap. They are complimentary and one cann
e of their superior
functionality.
As for PAM, a lot of what's wrong with it today could be fixed by
redesigning it to include directory services. If you fixed the
conversation system (by formalizing service function execution as an
FSM) and cleaned up the configuration syntax, you'd end up with
itself doesn't make much sense to me; it's an elaborate hack
designed to drag all those nice shiny directory services down in the
mud where struct passwd has been wallowing for the past twenty years,
instead of allowing applications to take advantage of their superior
functionality.
[Threading intentionally broken.]
On Sat, Nov 29, 2003 at 01:16:25AM +0100, Dag-Erling Smørgrav wrote:
> "Jacques A. Vidrine" <[EMAIL PROTECTED]> writes:
> > NSS and PAM do not overlap. They are complimentary and one cannot do
> > the job of the other.
>
&
"Jacques A. Vidrine" <[EMAIL PROTECTED]> writes:
> NSS and PAM do not overlap. They are complimentary and one cannot do
> the job of the other.
That is a bug in NSS, PAM or both.
(BTW, I think you mean that they are complementary, not complimentary,
although it is ce
On Wed, Nov 26, 2003 at 02:00:08AM +0100, Matthias Andree wrote:
> Matthew Dillon <[EMAIL PROTECTED]> writes:
>
> > How much do you intend to use NSS for? I mean, what's the point of
> > adopting this cool infrastructure if all you are going to do with it
>
On Tue, 25 Nov 2003, David O'Brien wrote:
> On Wed, Nov 26, 2003 at 02:00:08AM +0100, Matthias Andree wrote:
> > As a user, I like /rescue better than the step-child that /stand/* used
> > to be. It's part of the world, which /stand wasn't.
>
> Except that we still have /stand. It should be shot
On Wed, Nov 26, 2003 at 02:00:08AM +0100, Matthias Andree wrote:
> As a user, I like /rescue better than the step-child that /stand/* used
> to be. It's part of the world, which /stand wasn't.
Except that we still have /stand. It should be shot, but some won't let
it go...
___
Matthew Dillon <[EMAIL PROTECTED]> writes:
> How much do you intend to use NSS for? I mean, what's the point of
> adopting this cool infrastructure if all you are going to do with it
> is make a better PAM out of it?
The important thing is that NSS allows to
Brandon S. Allbery KF8NH wrote:
> On Sat, 2003-09-06 at 03:41, Steven G. Kargl wrote:
> > Brandon S. Allbery KF8NH wrote:
> > > On Sat, 2003-09-06 at 02:13, Steven G. Kargl wrote:
> > > > I have 2 accounts on my freebsd-current machine. I use
> > > > startx to start X11 as user kargl. If I then s
Pat Lashley wrote:
> --On Saturday, September 06, 2003 00:31:17 -0700 "Steven G. Kargl"
> <[EMAIL PROTECTED]> wrote:
>
> > I don't quite understand your suggestion.
> >
> > I login as user kargl. I fire up X11
> > as user kargl with startx. I use su in a
> > xterm to connect to my alter ego (su
--On Saturday, September 06, 2003 00:31:17 -0700 "Steven G. Kargl"
<[EMAIL PROTECTED]> wrote:
I don't quite understand your suggestion.
I login as user kargl. I fire up X11
as user kargl with startx. I use su in a
xterm to connect to my alter ego (su sgk).
Now, as user sgk I want to use a X11
On Sat, 2003-09-06 at 03:41, Steven G. Kargl wrote:
> Brandon S. Allbery KF8NH wrote:
> > On Sat, 2003-09-06 at 02:13, Steven G. Kargl wrote:
> > > I have 2 accounts on my freebsd-current machine. I use
> > > startx to start X11 as user kargl. If I then su to user
> > > sgk, I cannot fire up X cl
Brandon S. Allbery KF8NH wrote:
> On Sat, 2003-09-06 at 02:13, Steven G. Kargl wrote:
> > I have 2 accounts on my freebsd-current machine. I use
> > startx to start X11 as user kargl. If I then su to user
> > sgk, I cannot fire up X clients. For example,
>
> Is $XAUTHORITY still set in the subs
Pat Lashley wrote:
> --On Friday, September 05, 2003 23:13:29 -0700 "Steven G. Kargl"
> <[EMAIL PROTECTED]> wrote:
>
> > I have 2 accounts on my freebsd-current machine. I use
> > startx to start X11 as user kargl. If I then su to user
> > sgk, I cannot fire up X clients. For example,
>
> Try
--On Friday, September 05, 2003 23:13:29 -0700 "Steven G. Kargl"
<[EMAIL PROTECTED]> wrote:
I have 2 accounts on my freebsd-current machine. I use
startx to start X11 as user kargl. If I then su to user
sgk, I cannot fire up X clients. For example,
Try 'ssh -X [EMAIL PROTECTED]' instead of 'su
On Sat, 2003-09-06 at 02:13, Steven G. Kargl wrote:
> I have 2 accounts on my freebsd-current machine. I use
> startx to start X11 as user kargl. If I then su to user
> sgk, I cannot fire up X clients. For example,
Is $XAUTHORITY still set in the subshell?
Can both users read the Xauthority fil
th to ensore that both user kargl
and user sgk have the same key in .Xauthority.
The only thing I can think of that may need to be
configured is PAM, but the documentation is rather
incomplete. So, anyone know how to setup su to
permit sgk to use X clients?
--
St
On Wed, 9 Jul 2003, Ian Freislich wrote:
> Larry Rosenman wrote:
> >
> > --On Tuesday, July 08, 2003 13:58:19 +0200 Lukas Ertl <[EMAIL PROTECTED]>
> > wrote:
> >
> > > Hi,
> > >
> > > can anyone explain why the pgsql user is logged in on console nowadays?
> > I'm seeing the same thing, and am also
Larry Rosenman wrote:
>
>
> --On Tuesday, July 08, 2003 13:58:19 +0200 Lukas Ertl <[EMAIL PROTECTED]>
> wrote:
>
> > Hi,
> >
> > can anyone explain why the pgsql user is logged in on console nowadays?
> I'm seeing the same thing, and am also interested in making it stop.
It's got tomething to
--On Tuesday, July 08, 2003 13:58:19 +0200 Lukas Ertl <[EMAIL PROTECTED]>
wrote:
Hi,
can anyone explain why the pgsql user is logged in on console nowadays?
I'm seeing the same thing, and am also interested in making it stop.
--
Larry Rosenman http://www.lerctr.org/~ler
&& exec ${PREFIX}/bin/pg_ctl start -s -w -l
${logfile}"
echo -n ' pgsql'
}
;;
---8<---
Could it be that su and/or PAM have a problem?
regards,
le
--
Lukas Ertl eMail: [EMAIL PROTECTED]
UNIX-Systemadministrator
Hello.
I'm using Kerberos (heimdal) and off course it uses PAM.
It's working well but I want to know if is the way to change kerberos
password through PAM, not using "kpasswd" command? Or maybe it's even
possible to synchronize kerberos and UNIX passwords?
Can someo
Feb 3 05:02:36 metropolis sshd[3695]: fatal: PAM: initialisation failed
>
> It seems that {build,install}world forgot about pam_krb5.
Oh drat, I am an idiot. I forgot that pam_krb5 is conditional on
MAKE_KERBEROS5.
DES
--
Dag-Erling Smorgrav - [EMAIL PROTECTED]
To Unsubscribe: send m
1:41:29 metropolis sshd[550]: in _openpam_check_error_code():
>pam_sm_setcred(): unexpected return value 24
> >
> > It seems harmless, but pam doesnt sound happy. I did notice that mergemaster
> > updated /etc/pam/sshd by adding some krb5 lines.
>
> That's odd. As
return value 24
>
> It seems harmless, but pam doesnt sound happy. I did notice that mergemaster
> updated /etc/pam/sshd by adding some krb5 lines.
That's odd. Assuming that pam_krb5 is the module which is returning
`24', I fixed that 4 days ago (Wed Jan 29 21:20:38 2003 UTC).
On current as of about four hours ago, sshd spits the following to the console
after a successful login:
Feb 3 01:41:29 metropolis sshd[550]: in _openpam_check_error_code():
pam_sm_setcred(): unexpected return value 24
It seems harmless, but pam doesnt sound happy. I did notice that
t a PR :-/
> The only thing i think that could be goign wrong is something changed w/ PAM
> in Current recently? is that so?.. however SSH still works, so i'm somewhat
> confused. I'm SURE i'm using the correct password ect..
Nope, the port overwrites /etc/pam.d/imap and
host.
The only thing i think that could be goign wrong is something changed w/
PAM in Current recently? is that so?.. however SSH still works, so i'm
somewhat confused.
I'm SURE i'm using the correct password ect..
Anyone have a similar experiance, or any ideas?
Thanks,
Jeff Utt
host.
The only thing i think that could be goign wrong is something changed w/
PAM in Current recently? is that so?.. however SSH still works, so i'm
somewhat confused.
I'm SURE i'm using the correct password ect..
Anyone have a similar experiance, or any ideas?
Thanks,
Jeff Ut
On Thu, Nov 14, 2002 at 04:28:37PM +0100, Dag-Erling Smorgrav wrote:
> Ruslan Ermilov <[EMAIL PROTECTED]> writes:
> > Uh oh, here is the version that seems to work. Once I'm confident it
> > passes the "make release" test (it has already passed the preliminary
> > "make buildworld" test), I intend
Ruslan Ermilov <[EMAIL PROTECTED]> writes:
> Uh oh, here is the version that seems to work. Once I'm confident it
> passes the "make release" test (it has already passed the preliminary
> "make buildworld" test), I intend to commit it.
Thanks!
DES
--
Dag-Erling Smorgrav - [EMAIL PROTECTED]
To
rtup_libs} ${_prebuild_libs:Nlib/libpam} ${_generic_libs}
${_lib}__L: .PHONY
.if exists(${.CURDIR}/${_lib})
${ECHODIR} "===> ${_lib}"; \
@@ -765,6 +766,16 @@
${MAKE} DIRPRFX=${_lib}/ install
.endif
.endfor
+
+# libpam is special: we need to build static P
Hi folks,
I tried to build webmin on 5.0-current and the required port security/p5-Authen-PAM
fails to build. At first there was an error in configuration which I have fixed and
send the patch (PR ports/ports/44769). Now comes up another error which I'm not
able to fix, because it seems
Hi !
After last build of world (few days ago), PAM services started working and
now I have trouble logging in with root, and starting X. Is there a way to
disable PAM (whole one, not just some modules).
Any help is appreciated.
Andy
' or real problems?
> >
> > I recompiled xdm and the problem went away - I'm not sure if I
> > should have thought about the problem more carefully.
>
> If xdm was compiled with "old-pam", recompiling it is the only thing
> which helps, if it is alre
bol "_openpam_log"]
> > Aug 12 18:20:02 current : adding faulty module:
> > /usr/lib/pam_lastlog.so
> >
> > 'Known behaviour' or real problems?
>
> I recompiled xdm and the problem went away - I'm not sure if I
> should have thought about the
On Mon, Aug 12, 2002 at 10:19:00PM +0200, Matthias Schuendehuette wrote:
> Aug 12 18:20:02 current : [dlerror: /usr/lib/pam_lastlog.so: Undefined
> symbol "_openpam_log"]
> Aug 12 18:20:02 current : adding faulty module: /usr/lib/pam_lastlog.so
>
> 'Known behaviour' or r
Hi,
I set up xdm on my -current machine last Saturday and have the same
problems still with todays (12.Aug) -current:
When I try to login with 'xdm', the following errors come up:
Aug 12 18:20:02 current : unable to dlopen(/usr/lib/pam_nologin.so)
Aug 12 18:20:02 current : [dlerror: /usr/lib/p
I've had the following issue with pam since yesterday's build. I thought
that
today's build would fix it and it hasn't. I know nothing about pam. Could
someone give me a clue as to what I could do to solve this and be able to
ssh into the machine?
May 26 07:27:55
With this morning's build I have somehow lost ssh. I get the following
error:
May 12 10:11:03 worldinternet sshd[24224]: in openpam_load_module(): no
pam_nologin.so found
May 12 10:11:03 worldinternet sshd[24224]: fatal: PAM initialisation failed[1]:
failed to load module
May 12 10:
On Sat, 11 May 2002, Galen Sampson wrote:
> > > Don't mergemaster until after you've installworld'd.
> >
> > Yeah, I bumped into this on the TrustedBSD branch lately also. It goes
> > side by side with the "don't installworld until you mergemaster" rule.
> > And the very basic rule which is "D
Hello,
--- Robert Watson <[EMAIL PROTECTED]> wrote:
>
> On Sat, 11 May 2002, John Baldwin wrote:
>
> > On 11-May-2002 Galen Sampson wrote:
> > > Hello all,
> > >
> > > After a 'make buildworld -DNO_WERROR` with sources today (05/10/02) and a
> > > mergemaster I am seeing the following on the c
On Sat, 11 May 2002, John Baldwin wrote:
> On 11-May-2002 Galen Sampson wrote:
> > Hello all,
> >
> > After a 'make buildworld -DNO_WERROR` with sources today (05/10/02) and a
> > mergemaster I am seeing the following on the console when I su:
>
> Don't mergemaster until after you've installwo
On 11-May-2002 Galen Sampson wrote:
> Hello all,
>
> After a 'make buildworld -DNO_WERROR` with sources today (05/10/02) and a
> mergemaster I am seeing the following on the console when I su:
Don't mergemaster until after you've installworld'd.
> Is this normal?
Welcome to current. It will
Hello all,
After a 'make buildworld -DNO_WERROR` with sources today (05/10/02) and a
mergemaster I am seeing the following on the console when I su:
May 10 22:14:38 su: using dynamic pam_nologin.so
May 10 22:14:38 su: adding pam_nologin.so to cache
May 10 22:14:38 su: pam_lastlog.so: pam_sm_auth
Maxim Sobolev wrote:
> This has nothing to do with the fact that PAM refuses authentification
> request when it's unable to open lastlog rw.
man pam.conf
/optional
...then compare "required", "requisite", "sufficient", and "optional".
-- T
Wilko Bulte wrote:
> On Thu, May 02, 2002 at 04:24:16PM +0300, Maxim Sobolev wrote:
>
> /var mounted ro sounds like a truly bad idea to me BTW.
You could rename it "/invar"...
-- Terry
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
Wilko Bulte wrote:
>
> On Thu, May 02, 2002 at 04:24:16PM +0300, Maxim Sobolev wrote:
>
> /var mounted ro sounds like a truly bad idea to me BTW.
This has nothing to do with the fact that PAM refuses authentification
request when it's unable to open lastlog rw.
On Thu, May 02, 2002 at 04:24:16PM +0300, Maxim Sobolev wrote:
/var mounted ro sounds like a truly bad idea to me BTW.
> Hi,
>
> Subject says it all. I'm getting the following from the syslog:
>
> login: cannot open /var/log/lastlog: Read-only file system
> login: pam_open_session(): error in
Hi,
Subject says it all. I'm getting the following from the syslog:
login: cannot open /var/log/lastlog: Read-only file system
login: pam_open_session(): error in service module
This violates POLA, therefore please fix ASAP.
-Maxim
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscr
bsd <[EMAIL PROTECTED]> writes:
> Great thanks!
You're welcome. The attached patch should fix the problem with passwd
asking root for the old password.
DES
--
Dag-Erling Smorgrav - [EMAIL PROTECTED]
//depot/user/des/pam/lib/libpam/modules/pam_unix/pam_unix.c#14 - /usr/
1 - 100 of 271 matches
Mail list logo