sys-freebsd/freebsd-ubin provides /etc/pam.d/login, /etc/pam.d/passwd and /etc/pam.d/su you can check for the pamd files in $PORTDIR/sys-freebsd/freebsd-ubin/files diffs: --- /etc/pam.d/login 2012-04-22 10:18:22.000000000 +0000 +++ /etc/pam.d/._cfg0000_login 2012-04-22 10:44:17.000000000 +0000 @@ -1,4 +1,5 @@ -auth include system-local-login -account include system-local-login -session include system-local-login -password include system-local-login +auth required pam_securetty.so +auth include system-local-login +account include system-local-login +password include system-local-login +session include system-local-login --- /etc/pam.d/passwd 2012-04-22 10:18:22.000000000 +0000 +++ /etc/pam.d/._cfg0000_passwd 2012-04-22 10:44:17.000000000 +0000 @@ -1,9 +1,4 @@ -# -# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-ubin/files/passwd.1.pamd,v 1.1 2008/02/19 12:04:06 flameeyes Exp $ -# -# PAM configuration for the "passwd" service -# - -# passwd(1) does not use the auth, account or session services. - -password include system-auth +auth sufficient pam_rootok.so +auth include system-auth +account include system-auth +password include system-auth --- /etc/pam.d/su 2012-04-22 10:18:22.000000000 +0000 +++ /etc/pam.d/._cfg0000_su 2012-04-22 10:44:17.000000000 +0000 @@ -1,17 +1,8 @@ -# -# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-ubin/files/su.1.pamd,v 1.1 2008/02/19 12:04:06 flameeyes Exp $ -# -# PAM configuration for the "su" service -# - -# auth -auth sufficient pam_rootok.so no_warn -auth sufficient pam_self.so no_warn -auth requisite pam_group.so no_warn group=wheel root_only fail_safe -auth include system-auth - -# account -account include system-auth - -# session -session required pam_permit.so +auth sufficient pam_rootok.so +auth required pam_wheel.so use_uid +auth include system-auth +account include system-auth +password include system-auth +session include system-auth +session required pam_env.so +session optional pam_xauth.so I get such messages: Apr 22 10:47:29 stg-fbsd login: in openpam_dispatch(): pam_securetty.so: no pam_sm_authenticate() Apr 22 10:47:29 stg-fbsd login: in openpam_check_error_code(): pam_sm_authenticate(): unexpected return value 4 Apr 22 10:47:31 stg-fbsd login: pam_authenticate(): system error so I suppose the line: auth required pam_securetty.so is the offending one I'll unkeyword this pambase version until problem gets resolved.
Change auth required pam_securetty.so to account required pam_securetty.so would solve problem?
$ cat /var/mail/alias/misc/pam-bugs robbat2 flameeyes constanze *pambase-20120417 (17 Apr 2012) 17 Apr 2012; Pawel Hajdan jr <phajdan.jr@gentoo.org> +pambase-20120417.ebuild: Version bump. ....
(In reply to comment #0) > sys-freebsd/freebsd-ubin provides /etc/pam.d/login, /etc/pam.d/passwd and > /etc/pam.d/su How can we recognize FreeBSD in the ebuild and just make pambase _not_ install those files?
(In reply to comment #3) > (In reply to comment #0) > > sys-freebsd/freebsd-ubin provides /etc/pam.d/login, /etc/pam.d/passwd and > > /etc/pam.d/su > > How can we recognize FreeBSD in the ebuild and just make pambase _not_ > install those files? it depends what you want to recognize; simplest way would be to make them useflag dependant that you force in base/package.use.force and mask on non-linux systems.
I'll fix this all up in June as I'll make sure to put in the new pambase that is actually written to taken into consideration this as well.
(In reply to comment #5) > I'll fix this all up in June as I'll make sure to put in the new pambase > that is actually written to taken into consideration this as well. Assigning to you then, Bugzilla started spamming me. ;-)
Is this already solved?
I see that bsds are still forced to use really old pambase version... we would need an updated patch for current version I guess (anyway, if it works for them... I would simply go ahead and commit the fixes in a new revision ;)
G/FBSD is dead.