Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 97897 - /etc/pam.d/xdm points to pam_console.so which is missing
Summary: /etc/pam.d/xdm points to pam_console.so which is missing
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo X packagers
URL:
Whiteboard:
Keywords: Inclusion
: 98458 (view as bug list)
Depends on:
Blocks: 31877 100688
  Show dependency tree
 
Reported: 2005-07-04 05:06 UTC by Martin Mokrejš
Modified: 2006-02-12 13:00 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Martin Mokrejš 2005-07-04 05:06:05 UTC
I just found in /var/log/messages the following:

Jul  4 13:38:49 aquarius [drm] Initialized drm 1.0.0 20040925
Jul  4 13:38:49 aquarius ACPI: PCI Interrupt 0000:01:00.0[A] -> GSI 16 (level, low) -> IRQ 16
Jul  4 13:38:49 aquarius [drm] Initialized radeon 1.16.0 20050311 on minor 0: ATI Technologies Inc RV280 [Radeon 9200]
Jul  4 13:38:49 aquarius agpgart: Found an AGP 3.0 compliant device at 0000:00:00.0.
Jul  4 13:38:49 aquarius agpgart: Putting AGP V3 device at 0000:00:00.0 into 4x mode
Jul  4 13:38:49 aquarius agpgart: Putting AGP V3 device at 0000:01:00.0 into 4x mode
Jul  4 13:38:49 aquarius [drm] Loading R200 Microcode
Jul  4 13:40:01 aquarius cron[18983]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons )
Jul  4 13:41:59 aquarius : PAM unable to dlopen(/lib/security/pam_console.so)
Jul  4 13:41:59 aquarius : PAM [dlerror: /lib/security/pam_console.so: cannot open shared object file: No such file or directo
ry]
Jul  4 13:41:59 aquarius : PAM adding faulty module: /lib/security/pam_console.so
Jul  4 13:41:59 aquarius xdm(pam_unix)[18900]: session opened for user mmokrejs by (uid=0)


The file is really not installed. I use pam-0.78-r2.

# grep pam_console /etc/pam.d/*
/etc/pam.d/kde:session    optional     pam_console.so
/etc/pam.d/kde-np:session    optional     pam_console.so
/etc/pam.d/login:# If you want to enable pam_console, uncomment the following line
/etc/pam.d/login:# and read carefully README.pam_console in /usr/share/doc/pam*
/etc/pam.d/login:#session    optional    /lib/security/pam_console.so
/etc/pam.d/xdm:session    optional     pam_console.so
/etc/pam.d/xserver:#auth       required     pam_console.so
#

# emerge info
Portage 2.0.51.22-r1 (default-linux/x86/2005.0, gcc-3.4.4, glibc-2.3.5-r0, 2.6.13-rc1 i686)
=================================================================
System uname: 2.6.13-rc1 i686 Intel(R) Pentium(R) 4 CPU 3.00GHz
Gentoo Base System version 1.6.12
ccache version 2.4 [disabled]
dev-lang/python:     2.3.5, 2.4.1-r1
sys-apps/sandbox:    1.2.8
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.18-r1
virtual/os-headers:  2.4.19-r1, 2.6.11-r2
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium4 -O0 -ggdb"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/bind /var/qmail/alias /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/texmf/web2c /etc/env.d"
CXXFLAGS="-march=pentium4 -O0 -ggdb"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distcc distlocks sandbox sfperms strict"
GENTOO_MIRRORS="ftp://ftp.muni.cz/pub/linux/gentoo http://gentoo.mirror.icd.hu/ http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://gd.tuwien.ac.at/opsys/linux/gentoo/ ftp://ftp.tu-clausthal.de/pub/linux/gentoo/"
LINGUAS="cs cz en"
MAKEOPTS="-j1"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 X Xaw3d aalib acpi adns afs alsa apache2 apm arts ati avcodec avi bidi bitmap-fonts bonobo caca cdparanoia crypt cscope cups curl dba debug dga directfb distcc divx divx4 divx4linux divx5 divx5linux dv dvb dvd dvdr dvdread emacs emacs-w3 emboss encode esd ethereal evo f77 faac faad faad2 fam fame fbcon ffmpeg flac flash foomaticdb fortran fvwm fvwm2 gb gd gdbm ggi gif gphoto2 gpm gstreamer gtk gtk2 gtkhtml guile i8x0 icc imagemagick imlib imlib2 innodb java jpeg junit lcms leim libg++ libwww live lpthread lzo lzw-tiff mad mcal mesa mikmod mmx mmx2 motif mozilla mp3 mpeg mule mysql ncurses network nls nptl ogg oggvorbis opengl oss pam pda pdflib perl php php4 plotutils png ppds pthread pthreads python qt qtx quicktime readline rtc samba scanner sdl slang slp speex spell sse sse2 sse3 ssl svga tcltk tcpd tetex tex theora thread threads tiff truetype truetype-fonts type1-fonts unicode usb v4l v4l2 vorbis win32 winvidix wmf xine xml xml2 xmms xosd xv xvid xvmc yv12 zeo zlib video_cards_radeon linguas_cs linguas_cz linguas_en userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-07-04 05:31:45 UTC
Not a vulnerability, reassigning to PAM team.
May be related to bug 31877 though...
Comment 2 Diego Elio Pettenò (RETIRED) gentoo-dev 2005-07-04 05:43:31 UTC
Reassigning to X11 team, it's not a problem with pam. 
 
 
X11: I'll fix pamd_mimic_system to create pam-0.77 compatible pamd files, you 
probably want to use that to create /etc/pam.d/xdm. 
 
Comment 3 Martin Schlemmer (RETIRED) gentoo-dev 2005-07-05 13:31:24 UTC
We do not want to use pam_console with 2.6 kernels and udev any longer, so
please just comment those lines until the X team removes them.
Comment 4 Donnie Berkholz (RETIRED) gentoo-dev 2005-07-05 13:44:10 UTC
Since X clearly does have to retain compat with 2.4, what would you like us to
do here?
Comment 5 Diego Elio Pettenò (RETIRED) gentoo-dev 2005-07-05 13:54:15 UTC
Who's using 2.4 should be able to put pam_console there, in case just add a 
commented line which can be just uncommented to enable. 
 
Still, it shouldn't be an issue neither on 2.4 as devfs can easily take care 
of those settings anyway. 
 
Comment 6 Donnie Berkholz (RETIRED) gentoo-dev 2005-07-09 13:34:08 UTC
*** Bug 98458 has been marked as a duplicate of this bug. ***
Comment 7 Gregorio Guidi (RETIRED) gentoo-dev 2005-07-09 14:50:32 UTC
Just for clarity, using pam_console or not is not related to using devfs or  
udev. One can have pam_console enabled or disabled and everything will work  
with both udev and devfs.  
  
In fact, we want to disable pam_console by default for everyone, when using  
udev it is just more evident that pam_console is not much useful.  
  
So you can safely remove the references to pam_console in newer versions of 
xdm.pamd.  
Comment 8 Joshua Baergen (RETIRED) gentoo-dev 2005-09-07 16:01:24 UTC
This has been fixed for the modular xdm package btw.
Comment 9 Donnie Berkholz (RETIRED) gentoo-dev 2005-10-05 20:46:42 UTC
Is anything in portage still doing this?
Comment 10 Diego Elio Pettenò (RETIRED) gentoo-dev 2005-10-06 01:42:40 UTC
Think xdm and one apache modulare are the last ones. 
Comment 11 Donnie Berkholz (RETIRED) gentoo-dev 2005-10-06 09:03:58 UTC
xdm in which xorg version?
Comment 12 Diego Elio Pettenò (RETIRED) gentoo-dev 2005-10-06 13:03:47 UTC
6.8.99.15-r? here still use it. 
 
Comment 13 Joshua Baergen (RETIRED) gentoo-dev 2005-10-06 16:54:27 UTC
Is it really important to you that these Xorg versions are fixed?  They're just
going to be dropped sooner or later anyway...
Comment 14 Diego Elio Pettenò (RETIRED) gentoo-dev 2005-10-06 17:19:45 UTC
Both stable and unstable users get a sys-libs/pam without pam_console. Having pam_console in required 
makes it impossible to use xdm by default.
Comment 15 Donnie Berkholz (RETIRED) gentoo-dev 2005-10-06 18:28:02 UTC
6.8.2:
files/xdm.pamd:session    optional     pam_console.so
files/xserver.pamd:#auth       required     pam_console.so

The same is true for 6.8.99.15. What are you looking at that's different?
Comment 16 Diego Elio Pettenò (RETIRED) gentoo-dev 2005-10-07 03:49:47 UTC
Sorry just grepped for pam_console, it's usually as required as it doesn't 
work anyway otherwise. So there's no point in leaving pam_console line there 
anyway. 
Comment 17 Joshua Baergen (RETIRED) gentoo-dev 2005-10-07 08:27:52 UTC
These lines don't exist in modular at all...I don't think rolling out new
filesets for Xorg to get rid of commented lines is necessary at this point.  Donnie?
Comment 18 Donnie Berkholz (RETIRED) gentoo-dev 2005-10-07 09:50:32 UTC
(In reply to comment #17)
> These lines don't exist in modular at all...I don't think rolling out new
> filesets for Xorg to get rid of commented lines is necessary at this point. 
Donnie?

Might as well do it next time changes are made to the respective versions, but I
wouldn't rush.
Comment 19 Joshua Baergen (RETIRED) gentoo-dev 2005-10-07 12:29:58 UTC
Alright, I marked with an Inclusion keyword so we'll look at it.
Comment 20 Carlo Marcelo Arenas Belon 2005-10-30 20:52:46 UTC
just a clarification to any gentoo user which is getting this error (/lib64 here
'cause i am using amd64 but that is arch dependant):

Oct 31 01:28:11 laptop : PAM [dlerror: /lib64/security/pam_console.so: cannot
open shared object file: No such file or directory]

it is not really a problem as it is being triggered by the following optional
configuration (/etc/pam.d/xdm)

session    optional     pam_console.so

and which is failing because pam_console.so doesn't get compiled by default in
the pam ebuild (unless USE="pam_console" is added) and because pam_console's use
is meant to be deprecated in favor of udev/devfs managing of console permissions
 where possible.

in order to get rid of the annoying message just comment the above line, no
functionality will be lost because of that.
Comment 21 Donnie Berkholz (RETIRED) gentoo-dev 2006-02-12 13:00:55 UTC
6.8.2 won't be receiving any more non-security changes, and this bug is fixed in 7.0.