Bug 24213 - sys-auth/pam_mount (new ebuild)
|
Bug#:
24213
|
Product: Gentoo Linux
|
Version: unspecified
|
Platform: All
|
|
OS/Version: Linux
|
Status: RESOLVED
|
Severity: enhancement
|
Priority: P2
|
|
Resolution: FIXED
|
Assigned To: hanno@gentoo.org
|
Reported By: nbensa@gmail.com
|
|
Component: Ebuilds
|
|
|
URL:
http://www.flyn.org/projects/pam_mount/index.html
|
|
Summary: sys-auth/pam_mount (new ebuild)
|
|
Keywords: EBUILD, InOverlay
|
|
Status Whiteboard: [sunrise-overlay]
|
|
Opened: 2003-07-09 20:49 0000
|
I'd like pam_mount included in portage.
Many thanks in advance,
Norberto
Reproducible: Always
Steps to Reproduce:
I liked the old bugzilla better :-/
For what it's worth, I'd like to second this request.
And I can't find that damn "vote for this" button, does it only show up when the bug is confirmed?
this is a community project. it would be nice if you made the ebuild
and attached it so that we dont have to do everything on our own.
Created an attachment (id=21301) [details]
Contains pam_mount-0.9.9.ebuild and accompanying Manifest etc
My first e-build :-)
tgz file can be untarred in /usr/local/portage/sys-libs/ and tested.
ebuild pam_mount-0.9.9.ebuild fetches, compiles and installs correctly.
I'm yet to test the functionality, I'll post a follow up (my encrypted test
container is filling :)
1. I'm in the process of testing the ebuild I created yesterday (above) looks
like we need openssl 0.9.7 and above for using container keys.
2. There is a bug in the default emerge of openssl-0.9.7-r1 that I need to fix
[qmerge fails with permission denied as a result of no execute permission on
the /usr/lib/pkgconfig/ dir. Will fix that and post as a seperate bug]
3. Also testing with encrypted containers brought up the issue of GUI processes
like kdeinit and gconfd not releasing locks before pam closes the session. For
example http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=75895 [google
search]. I have a better fix with a umount script that waits for no lsof
ouitput.
This adds lsof as a dependency, and I will fix the pam_mount ebuild as well.
The ebuild also needs to install a default config file. Fix will be available
soon, pending a fix of the openssl-0.9.7c-r1.ebuild on my system.
Created an attachment (id=22232) [details]
pam_mount-0.9.9-r1.ebuild and files
Another oops. Fixed a spelling mistake for a doins into /etc/security. Been up
for too many hours since the wee hours of this morning.
Why the high version on openssl, why not just do:
DEPEND="sys-libs/pam dev-libs/openssl sys-apps/lsof"
I have seen the openssl-0.9.7-r1 problem, I've not experienced it though. -r1 worked fine for me. Also, pam_mount has been around for a while so it should still work around older versions of the above libraries for those who do experience the -r1 problem with openssl.
Created an attachment (id=24578) [details]
umount -l switch config patch
This patch just modifies the config file to make use of "umount -l" instead of
the pam_mount_umount script that requires lsof. I still see lsof stuff in the
config file but the patch should at least get rid of the dependancy for the
additional umount script.
Be warn, I've just seen this and have no immediate way of testing it, and do
not have an interrest in doing so, so could somebody that does use pam_mount to
mount home directories please test this out and let me know whether it works.
Note: The most recent version of openssl (i.e. >= 0.9.7c) is required for
encrypted home directories with openssl secured keys. The pam_mount_umount
script is required so that the umount of the encrypted home will succeed when
using KDE/Gnome which do not immediately release locks in the mounted home
directory. I suppose the ebuild can be written with a USE statement so that
people who do not need this functionality will not have these dependencies.
Additional note: pam_mount and loop-aes require some additional configs,
perhaps some coding to use gpg instead of openssl.
When I get all this straightened out, (and I find time away from the paying
job), I'll post the ebuild...
Yes, perhaps, but note that
umount -l /path/to/mount/point
does excactly the same thing as the script, actually slightly better, from the man page:
Lazy unmount. Detach the filesystem from the filesystem hierarchy now, and cleanup all references to the filesystem as soon as it is not busy anymore. (Requires kernel 2.4.11 or later.)
As I understand this no new refferences to this filesystem can be made since it is not attached to the main file system any more, but refferences to the file system as it exists will remain intact. Thus processes that currently has some kind of handle on the file system will still be able to use it (KDE dcop, gnome or whatever else), but a user that logs in after this will have no way of reading data on that partition.
Using the USE flags will be cool thanks, we are only trying to mount homedirectories from a ncp server using pam_mount along with ncpfs.
[Off Topic]On that, is there some simple way I can specify that for any user that logs in a mount command should be executed, with the username and password as provided by the user substituted into the command? For example, say user userA logs in it should mount SOMESERVER\DATA on /mnt/ncp_data with user userA (and it's password), but when userB logs in it should be mounted as userB (with userB's password).
>Yes, perhaps, but note that
>umount -l /path/to/mount/point
>does excactly the same thing as the script, actually slightly better, from the man page:
Cool. :)
Not sure about your other question. I just wrote the ebuild in a hurry to get it in my portage db. Check the home page at http://www.flyn.org/projects/pam_mount/index.html for the original author.
I'm sorry that I did not think the -l option to umount, sorry. I'll test and let you know.
So we learn.
Thanks for the URI - will read it again, properly, I don't see any discussion of the config file itself there, any other sources? I'm currently browsing the Savannah site as well but I'm not seeing much there either (or I'm not looking hard enough)
The -l option is working very nicely. When last I checked in we were looking
to mount ncp shares as part of authentication, we chucked this idea when
digging into ncp and all the mess surrounding that.
Well, anyway, now that samba3 got released we are trying to use
samba3+cifs+pam_mount instead of nfs in order to mount home directories. So
far it's working great, *much* better than expected (and much more secure).
There was one or two things I wasn't sure pam_mount would handle correctly but
all my fears turned out to be bogus so far.
Just one other minor thing, one can match using something like:
volume * smb someserver & /home/& uid=&,gid=users - -
But what happens when some users have their home directories as
/home/somegroup/username and others have it as /home/anothergroup/username?
Obviously the above matching won't work in those cases.
Also, I'd like to leave that 3rd last field as - but somehow that breaks, but
that is not the end of the world and I'll take that up with the developer(s) of
pam_mount.
Anyway, this has been idle for some time, I'd just like to stir it up again to
maybe get this into portage.
Here comes an updated ebuild, hope to get this in portage sometime...
Changes are:
* remove pam_mount_umount-script, since "umount -l" does the same job even better
* remove lsof-dependency, the script's gone, the dependencies should go, too
* IMPORTANT: I did NOT active the "-l"-tag for umount, since it
* might be insecure (you think your encrypted $HOME was dismounted, but it wasn't)
* might break loopback, since they're not freed and can't be used until they are "really" dismounted
Looks like this is dependant upon pkgconfig and glib
I tried to emerge and got
*** A new enough version of pkg-config was not found.
*** See http://www.freedesktop.org/software/pkgconfig/
configure: error: You are missing glib
!!! ERROR: sys-lib/pam_mount-0.9.9 failed.
!!! Function econf, Line 365, Exitcode 1
!!! econf failed
I emerged pkgconfig and then got
*** Could not run GLIB test program, checking why...
*** The test program failed to compile or link. See the file config.log for the
*** exact error that occured. This usually means GLIB is incorrectly installed.
configure: error: You are missing glib
!!! ERROR: sys-lib/pam_mount-0.9.9 failed.
!!! Function econf, Line 365, Exitcode 1
!!! econf failed
So I emerged glib-2.4.1 and pam_mount then emerged happily
Created an attachment (id=37524) [details]
pam_mount 0.9.20 ebuild
Here is an ebuild for the latest pam_mount version (0.9.20 actually). It
contains a fix for a compilation error. Let me know if it doesn't work for you,
for me it works like a charm.
Created an attachment (id=41525) [details]
ebuild with support for smbpwman
This is a build that adds a use flag and if necissary patches pam mount to make
use of a password caching daemon called smbpwman (see bug #67060)
I found that the patch was necissary when using openssh, as when the plugin
runs during openssh logins, the saved password is not available when
open_session is called, and so the pam_mount can't do any mounting using the
password.
Tested and works in my environment.
Hi,
I am pleased that I have got this going. Thanks to the guys who put this ebuild together and Jaco Kroon for the documentation: http://www.kroon.co.za/howto.php?howto=cifs_pam_mount.
A couple of gotchas. When mounting smb volumes - in my case home shares from a samba server - you need to have samba emerged/installed on the client because smbmount is needed to actually mount them. Otherwise you get an error;
mount: wrong fs type, bad option, bad superblock
Secondly I had to use the earlier ebuilds, the later ones failed with an error about a string index out of range on dependencies.
It will be good when this is released into the portage tree.
Cheers Paul
Hi, everybody. I've found 2 minor problems with the 0.9.20 ebuild:
* The provided mount.crypt doesn't work as expected because a symlink is missing. The fix: ln -s /usr/bin/mount.crypt /sbin/mount.crypt
For more information on how this is used you can consult my HOWTO on dm-crypt & pam_mount at http://forums.gentoo.org/viewtopic.php?t=274651
* I don't think it's okay to activate the Gentoo examples in pam_mount.conf by default. IMO they should be commented out. After all, they're only examples.
I don't have time right now to fix these issues.
When will this ebuild be in portage?
Created an attachment (id=48462) [details]
new version. minor fixes & enhancements. sorry, no smbpwman support.
Hi, here's an ebuild for the newest version, 0.9.21.
Changelog:
ebuild:
* create symlink /sbin/mount.crypt (needed for dm-crypt)
pam_mount.conf:
* disabled Gentoo examples
* added dm-crypt examples
* removed reference to the pam_mount_umount script
I'm sorry for leaving the smbpwman support out. I don't use samba and the
smbpwman patch doesn't apply properly, so I left it out. I primarily make this
available for dm-crypt users.
Created an attachment (id=48486) [details]
fixes some more errors. merged pam_mount.conf with the one from 0.9.21
Sorry, for all those revisions. This should be my last one for 0.9.21. Please
note that I'm only using a dm-crypt home, so I won't test cryptoloop, samba,
cifs, etc.
Changes in this version:
* merged pam_mount.conf with the one from pam_mount-0.9.21.
* corrected cryptsetup path in mount.crypt and umount.crypt
Created an attachment (id=49305) [details]
fixed version of mount.crypt
The mount.crypt script that comes with pam_mount 0.9.21 has some bugs. I was
made aware of the fact that Debian's mount.crypt works just fine. I've analyzed
the code and checked that it's correct.
More precisely these 2 bugs are fixed:
* mount calls mount.crypt with the options as $4, but mount.crypt expects them
as $2.
* the crypsetup command would have an incorrect syntax (cryptsetup -c -c
twofish etc.).
Ebuild should probably depend on cryptsetup.
Excellent solution, thanks!
Also DEPEND's on >=dev-libs/glib-2, >=dev-util/pkgconfig-0.7, and
sys-libs/zlib.
Hi, was having some trouble getting smb mounts to unmount on logout I am using
the default configuration that came with the ebuild for 0.9.22 I was wondering
for any insight on the matter: I was able to get Gentoo to mount two smb file
shares on login by making
the following changes in /etc/ssh/sshd_config as below:
--------------------------
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePrivilegeSeparation no
--------------------------
I have two mounts setup in /etc/security/pam_mount.conf (these work, as
the get mounted at login):
--------------------------
volume * smb ecfile2 & /mnt/profile/&
uid=&,gid=&,dmask=0750,workgroup=NEXUS - -
volume * smb ecfile1 & /home/&/N uid=&,gid=&,dmask=0750,workgroup=NEXUS
- -
--------------------------
My /etc/pam.d/system-auth is (the important sections):
--------------------------
auth required /lib/security/pam_env.so
auth optional /lib/security/pam_mount.so use_first_pass
auth sufficient /lib/security/pam_unix.so use_first_pass
likeauth nullok
auth sufficient /lib/security/pam_smb_auth.so use_first_pass
auth required /lib/security/pam_deny.so
...
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_mount.so
--------------------------
As I said this seems to be mostly working to login and authenticate
users and mount their samba shares to where they are supposed to,
however on logout they remain mounted. I know your faq talks about this
issue but I was unable to resolve it..
What I tried to test the configuration:
- Ran pam_mount with debug on, spills debug on login via ssh but says
nothing after logout on console or in /var/log/messages
- tried (even though this is a gentoo system) editing /etc/login.defs to
include "CLOSE_SESSIONS yes" to no effect
- tested my install of lsof, but not sure how it is supposed to be
configured in pam_mount.conf to get relevant output to the syslogs
I am running version 0.9.22 of pam_mount
and version 3.9_p1-r1 of OpenSSH
ccater@engmail.uwaterloo.ca (for any responses)
Does it work when you login on a console, or any other method besides openssh?
I have the same problem with openssh and theres a bug filed for it:
http://bugzilla.mindrot.org/show_bug.cgi?id=926
The process that closes the session (which calls pam_mount to do the unmounting) runs as the user, not as root, so it doesn't have permission to unmount the share.
There's supposed to be a fix if you're not using privelige seperation though (which you're not), so perhaps you're having a different problem.
Otherwise, you could try chaning the mount command for the shares to use
-o user=<username>
or
-o users (which will allow *anyone* to unmount the share)
Some comments on the latest ebuild (2005-02-19
http://bugs.gentoo.org/attachment.cgi?id=51582&action=view):
- I have no lsof installed by default, the dependency might be neccessary again
- src_compile modifies umount.crypt (location of cryptsetup). This is needed
for mount.crypt, too
Besides that I was able to successfully set pam_mount up for a encrypted
directory (user X has a working setup in ~/.pam_mount.conf, mounting a
certain file with cryptsetup to a certain location).
Thanks for providing this!
Created an attachment (id=57980) [details]
ebuild with glib dependency
pam_mount has a GLIB dependency. It probably doesn't turn up for most people
because of gnome etc, but I am doing a fresh install. I've attached a modified
ebuild.
Please note that to add this to portage you should cleanup the ebuild a bit
more.
- REDEPEND must include $DEPEND as you're removing runtime dependency on
openssl and pam
- editing and seding source file should happen in src_unpack()
- you shouldn't overwrite /etc/pam.d file, so do *not* install in /etc/pam.d
sample configuration files, just
leave them with docs
- honour getpam_mod_dir function in pam.eclass as not every system has the same
pam configuration
(multilib, non-linux systems, ...)
*** Bug 98695 has been marked as a duplicate of this bug. ***
Hi, I would appreciate if you could implement a patch, hack, aditional module
to
strip the domainname from the username when authenticating with pam_winbind.
(use_default_domain = No in smb.conf)
When using the username "domainname/user" to login, pam_moun uses the
following:
pam_mount: (defined by globalconf)
pam_mount: user: domain\user
pam_mount: server: my.domain.server
pam_mount: volume: homes
pam_mount: mountpoint: /home/DOMAIN/domain\user
pam_mount: options: uid=domain\user,gid=domain\user,dmask=0750
pam_mount: fs_key_cipher:
pam_mount: fs_key_path:
pam_mount: use_fstab: 0
But it should look like this:
pam_mount: (defined by globalconf)
pam_mount: user: user
pam_mount: server: my.domain.server
pam_mount: volume: homes
pam_mount: mountpoint: /home/DOMAIN/user
pam_mount: options: uid=user,gid=user,dmask=0750
pam_mount: fs_key_cipher:
pam_mount: fs_key_path:
pam_mount: use_fstab: 0
So in this case I have to strip "domain\" from the username.
The "\" is the winbindseperator specified in the samba smb.conf
I already found one solution to do this here:
http://www.spinics.net/lists/pam/msg04088.html
------extracted from the link above------------
[...]
a simple pam_stripdomain.so module that hacks the username right before it
gets
to pam_mount (and maybe returns it to the initial state right after. All you
need to do is
pam_get_item( pamh,| ||||PAM_USER, (void **)&orig_username );
new_username = strdup( strchr( orig_username, '+' ) + 1 );
pam_set_item( pamh, PAM_USER, (void *)new_username );
|||(with a bit of checkings in between, of course :). The orig_username should
then be freed, or saved for later use, e.g. via the pam_set_data()/
pam_get_data() mechanism.
The module should be always stacked __BEFORE__ pam_mount.so
...
xxxx required pam_stripdomain.so
xxxx required pam_mount.so
# I don't know if this is needed; it depends if there are further modules that
need the unstripped user name.
xxxx required pam_putbackdomain.so
[...]
-----------------------------------------------------------------
Thats not a too bad idea with two new modules, but I would suggest a patch that
enables the two options "strip_domain = Yes/No" and "winbind_seperator = /" (or
what ever seperator used in smb.conf) in the pam_mount.conf.
(mmmh, why not parse the smb.conf automatically :-)
If you configuer samba to use default domain, everything works, but that sucks
if you have a multi domain configuration... you get me?
Thanks a lot
regards
Bjoern
Anyway - could anyone help me? I really need it quite urgent..
I'm curious as to whether pam_mount will make it into portage anytime soon. If
the ebuild needs to be cleaned up some more, I can make the changes and post
them here.
*** Bug 115882 has been marked as a duplicate of this bug. ***
Created an attachment (id=75599) [details]
Modified ebuild: pam_mount-0.10.0-r1
updated gentooified mount.crypt and umount.crypt files and adjusted HOMEPAGE
and SRC_URI. Removed all ebuilds prior to 0.10.0-r1.
Created an attachment (id=75777) [details]
ebuild for pam_mount-0.11.0
includes usual fixes for cryptsetup location and gentoo specific comments in
pam_mount.conf
Be ware of fetch-restictions, as sourceforge.net always comes up with an html
page... If anyone has a fix for this, please post.
No one will even look at attached tarballs. Plain text only, please.
(In reply to comment #51)
> pam_mount-0.12.0.ebuild
Could you add the pam_mount-gentoo-paths-and-examples.patch ?
This ebuild may also have samba USE flag, because samba utils are needed to
mount samba shares.
Created an attachment (id=84836) [details]
ebuild for pam_mount 0.13.0 with the gentoo-paths-and-examples patch
This ebuild should work with gnome,kde,shell logins and many other programs
that use PAM because it alters /etc/pam.d/system-auth (which is included in
almost every program which uses pam to check the login data) instead of
/etc/pam.d/{login,kde}.
I also added the notice that a kernel with device-mapper and crypto support
might be needed and that mkehd can be used to create encrypted home
directories.
Portage now downloads the source code file directly from sf.net and skips all
Gentoo mirrors because I added RESTRICT="mirror"
There was only one strange problem:
When I used einstall I always recieved a sandbox access violation because the
installation process tried to overwrite /lib/security/pam_mount.so instead of
/var/tmp/portage/pam_mount-0.13.0-r1/image/lib/security/pam_mount.so.
I solved this problem by replacing the command with DESTDIR=${D} make install.
Now everything is installed in /var/tmp/portage/pam_mount-0.13.0-r1/ and can be
copied to / by portage.
Does anyone know why this only happens when einstall is used?
And sorry for my English, I'm not a native speaker ;)
any chance the ebuild will be added to the main portage tree soon?
In pam_mount-0.13.0 pam_mount.conf defines lsof as "lsof /usr/bin/lsof
%(MNTPT)", but lsof is only located in /usr/sbin.
I'm using an encrypted /home/ partition (AES cipher, dm_crypt). I'm using
pam_mount for automatic mounting (I followed
http://forums.gentoo.org/viewtopic-t-274651-highlight-encryption+pam.html).
Console login does work fine, but if I log in xdm, the X server shuts down.
Logging in without the encrypted /home/ does work though. I think the problem
might be the same as in inode77's post in
[/code]http://forums.gentoo.org/viewtopic-t-274651-postdays-0-postorder-asc-highlight-encryption+pam-start-50.html
There are no useful logs; syslog says "session opened for user momsen".
/var/log/xdm has a line
xdm error (pid 27856): Unknown session exit code 2816 from process 27860
27860 was the xdm(pam_unix) process.
My /etc/pam.d/xdm (I already tried different layouts)
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
I don't have a clue what the error might be, but I think that it is due to xdm
cause console login works.
(In reply to comment #66)
> I log in xdm, the X server shuts down.
The 0.15.0 changelog does mention fixes/work-arounds for XDM crashes. It can be
found here:
http://sourceforge.net/project/shownotes.php?release_id=434898&group_id=41452
A problem/annoyance I was having with pam_mount was that it would be run (and
produce an output to the terminal) whenever I su'd to root, so I removed the
following line from /etc/pam.d/system-auth:
session optional pam_mount.so use_first_pass service=system-auth
and added the following to /etc/pam.d/gdm:
session optional pam_mount.so
Now, pam_mount is only run when I login using GDM :) I just thought i'd post
this incase anyone else wanted that behaviour. I've no idea if it's the most
efficient way of achieving this though, i'm not overly familiar with PAM.
Had some problems with pam_mount-0.13.0 in combination with su/xscreensaver,
mainly segfaults when given an incorrect password. After adding "auth optional
pam_mount.so use_first_pass" "session optional pam_mount.so" everything worked
fine. Perhaps edited versions (or patches) of /etc/pam.d/{su,xscreensaver}
should be added to the ebuild along with the pre-edited login and kde config
files?
Sorry I was wrong, I'm still receiving segfaults from xscreensaver/su when
entering an incorrect passwd (xscreensaver does not segfault when given empty
passwords) since installing pam_mount-0.13.0.
pam_mount-0.16 was just released. I noticed that pam_mount-0.15 and 0.16 now
install mount.crypt and umount.crypt into /sbin, and not /usr/bin/. New
pam_mount ebuilds should not "dosym /usr/bin/mount.crypt /sbin/mount.crypt", as
it would overwrite the actual /sbin/mount.crypt file.
Also, has anyone had luck with getting >=pam_mount-0.15 working? Once installed
I'm unable to even get a "passwd:" prompt when trying to login. I found the
following errors in my logs.
Jul 31 00:23:35 [login] PAM unable to resolve symbol: pam_sm_authenticate
Jul 31 00:23:35 [login] PAM unable to resolve symbol: pam_sm_setcred
Jul 31 00:23:35 [login] PAM unable to resolve symbol: pam_sm_open_session
Jul 31 00:23:35 [login] PAM unable to resolve symbol: pam_sm_close_session
Jul 31 00:23:35 [login(pam_unix)] auth could not identify password for [OMITED]
Jul 31 00:23:35 [kernel] login[4647]: segfault at 0000000000000000 rip
0000000000000000 rsp 00007fffc7a830b8 error 14
Still unable to login with >pam_mount-0.13 on amd64 (using the new
pam_mount-0.17). Regular errors follow.
Aug 11 04:26:33 [login] PAM unable to resolve symbol: pam_sm_authenticate
Aug 11 04:26:33 [login] PAM unable to resolve symbol: pam_sm_setcred
Aug 11 04:26:33 [login] PAM unable to resolve symbol: pam_sm_open_session
Aug 11 04:26:33 [login] PAM unable to resolve symbol: pam_sm_close_session
Aug 11 04:26:33 [login] PAM unable to resolve symbol: pam_sm_authenticate
Aug 11 04:26:33 [login] PAM unable to resolve symbol: pam_sm_setcred
Aug 11 04:26:33 [login] PAM unable to resolve symbol: pam_sm_open_session
Aug 11 04:26:33 [login] PAM unable to resolve symbol: pam_sm_close_session
Aug 11 04:26:33 [login(pam_unix)] auth could not identify password for
[my_user]
Aug 11 04:26:33 [login] PAM unable to resolve symbol: pam_sm_authenticate
Aug 11 04:26:33 [login] PAM unable to resolve symbol: pam_sm_setcred
Aug 11 04:26:33 [login] PAM unable to resolve symbol: pam_sm_open_session
Aug 11 04:26:33 [login] PAM unable to resolve symbol: pam_sm_close_session
Aug 11 04:26:33 [login(pam_unix)] auth could not identify password for
[my_user]
Aug 11 04:26:33 [kernel] login[7319]: segfault at 0000000000000000 rip
0000000000000000 rsp 00007fff799a15d8 error 14
Good to see this ebuild hasn't died.
(In reply to comment #73)
> Still unable to login with >pam_mount-0.13 on amd64 (using the new
> pam_mount-0.17). Regular errors follow.
Moaning here won't fix it. Go report it upstream.
pam_mount-0.17 don't even work in i686
PAM unable to resolve symbol: pam_sm_authenticate
PAM unable to resolve symbol: pam_sm_setcred
PAM unable to resolve symbol: pam_sm_open_session
PAM unable to resolve symbol: pam_sm_close_session
pam_mount-0.13 works fine here, 3 diferent machines
entombed ~ # emerge --info
Portage 2.1-r1 (default-linux/x86/2006.0, gcc-3.4.6, glibc-2.3.6-r4, 2.6.17.6-4
i686)
=================================================================
System uname: 2.6.17.6-4 i686 AMD Sempron(tm) Processor 2600+
Gentoo Base System version 1.6.15
app-admin/eselect-compiler: [Not Present]
dev-lang/python: 2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache: [Not Present]
dev-util/confcache: [Not Present]
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.59-r7
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils: 2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -march=i686 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer parallel-fetch sandbox sfperms
strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LINGUAS="es_AR es"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/sunrise"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 3dnow 3dnowext X alsa apache2 apm arts avi bash-completion berkdb
bitmap-fonts bzip2 cdr cli crypt cups dbus dlloader dri dvd dvdr eds emboss
encode foomaticdb fortran gif gstreamer gtk2 hal imlib ipv6 isdnlog jpeg kde
ldap libg++ libwww mad mikmod mmx motif mp3 mpeg ncurses nls nptl nvidia ogg
opengl pam pcre pdflib perl png pppd python qt qt3 qt4 quicktime readline
reflection sdl session spell spl sse sse2 ssl tcpd truetype truetype-fonts
type1-fonts udev unicode vorbis xml xorg xv zlib elibc_glibc
input_devices_keyboard input_devices_mouse input_devices_evdev kernel_linux
linguas_es_AR linguas_es userland_GNU video_cards_vesa video_cards_fbdev
video_cards_nvidia video_cards_nv"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS,
PORTAGE_RSYNC_EXTRA_OPTS
The visibility issue involving >pam_mount-0.13 was fixed in the SVN repository,
revision 114. Can we have a revision bump for pam_mount-0.17 to integrate this
fix?
(In reply to comment #72)
> pam_mount-0.17.ebuild
>
> version bump
Bumping this ebuild again for the 0.18 release seems to work fine for me (x86
system, using gnome-base/gdm to login and mounting several cifs/samba shares).
(In reply to comment #84)
> Created an attachment (id=112460) [edit] [details]
> pam_mount-0.18.ebuild
>
> Much cleaned up ebuild, please give feedback.
> Patch has been sent upstream, I think I'll soon add this to portage.
>
src_unpack() {
unpack ${A}
cd ${S}
epatch ${FILESDIR}/pam_mount-cryptsetup-path.patch
}
Always quote variables like ${S} and ${FILESDIR}
src_compile() {
econf || die
emake || die
}
redundant as this is the default
execinto /sbin
doexec scripts/mount.crypt scripts/umount.crypt
Where is this defined? I only know of doexe.
dodoc README TODO AUTHORS ChangeLog FAQ NEWS
Add || die to this so you can catch changes in the future more easily
(In reply to comment #84)
- RDEPEND="${DEPEND} ...
- you are missing bunch of quotes there for ${S}, ${FILESDIR}
- src_compile() is redundant now
- typos there: execinto -> exeinto; doexec -> doexe ;)
- inherit pam seems redundant now as well, you are not using any function from
there...
- would be nice to install some example for system-auth (dodoc or so); there's
one in sunrise, but it needs redoing for pam-0.99*
http://gentoo-sunrise.org/svn/reviewed/sys-auth/pam_mount/files/system-auth
And I'm apparently too slow... :P
Now added to portage. No sample doc, because that has changed within latest
pam, maybe someone want to add something, but better submit it upstream than
patching anything into the ebuild.
