From ajk@iu.edu  Tue Apr 17 22:46:10 2001
Return-Path: <ajk@iu.edu>
Received: from kobayashi.uits.iupui.edu (kobayashi.uits.iupui.edu [134.68.5.17])
	by hub.freebsd.org (Postfix) with ESMTP
	id 4F95437B424; Tue, 17 Apr 2001 22:46:10 -0700 (PDT)
	(envelope-from ajk@iu.edu)
Received: (from ajk@localhost)
	by kobayashi.uits.iupui.edu (8.11.1/8.11.1) id f3I5kAB31415;
	Wed, 18 Apr 2001 00:46:10 -0500 (EST)
	(envelope-from ajk)
Message-Id: <200104180546.f3I5kAB31415@kobayashi.uits.iupui.edu>
Date: Wed, 18 Apr 2001 00:46:10 -0500 (EST)
From: ajk@iu.edu
Reply-To: ajk@iu.edu
To: FreeBSD-gnats-submit@freebsd.org
Subject: New port: pam_ssh (moved out from base)
X-Send-Pr-Version: 3.2

>Number:         26666
>Category:       bin
>Synopsis:       New port: pam_ssh (moved out from base)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 17 22:50:00 PDT 2001
>Closed-Date:    Sat May 5 12:22:27 PDT 2001
>Last-Modified:  Sat May 05 12:22:43 PDT 2001
>Originator:     Andrew J. Korty
>Release:        FreeBSD 4.2-RELEASE i386
>Organization:
Information Technology Security Office, Indiana University
>Environment:

FreeBSD

>Description:

This PAM module provides single sign-on behavior for UNIX using
SSH.  Users are authenticated by decrypting their SSH private keys
with the password provided (probably to XDM).  In the PAM session
phase, an ssh-agent process is started and keys are added.

Please remove pam_ssh from the base.  As a port, it can more easily
be made to work with all versions of SSH on many platforms as a
standalone product.  (I realize it's too late for 4.3-RELEASE.)

>How-To-Repeat:

N/A

>Fix:

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	pam_ssh
#	pam_ssh/Makefile
#	pam_ssh/distinfo
#	pam_ssh/pkg-plist
#	pam_ssh/pkg-comment
#	pam_ssh/pkg-descr
#
echo c - pam_ssh
mkdir -p pam_ssh > /dev/null 2>&1
echo x - pam_ssh/Makefile
sed 's/^X//' >pam_ssh/Makefile << 'END-of-pam_ssh/Makefile'
X# New ports collection makefile for:	pam_ssh
X# Date created:				12 April 2001
X# Whom:					ajk@iu.edu
X#
X# $FreeBSD$
X#
X
XPORTNAME=	pam_ssh
XPORTVERSION=	1.5
XCATEGORIES=	security
XMASTER_SITES=	http://prdownloads.sourceforge.net/pam-ssh/
X
XMAINTAINER=	ajk@iu.edu
X
XPREFIX?=	${DESTDIR}/usr
X
X.include <bsd.port.mk>
END-of-pam_ssh/Makefile
echo x - pam_ssh/distinfo
sed 's/^X//' >pam_ssh/distinfo << 'END-of-pam_ssh/distinfo'
XMD5 (pam_ssh-1.5.tar.gz) = a01f3d5e7f4cf21029b64076c9f0f60d
END-of-pam_ssh/distinfo
echo x - pam_ssh/pkg-plist
sed 's/^X//' >pam_ssh/pkg-plist << 'END-of-pam_ssh/pkg-plist'
Xlib/pam_ssh.so
END-of-pam_ssh/pkg-plist
echo x - pam_ssh/pkg-comment
sed 's/^X//' >pam_ssh/pkg-comment << 'END-of-pam_ssh/pkg-comment'
XThis PAM module provides single sign-on behavior for UNIX using SSH
END-of-pam_ssh/pkg-comment
echo x - pam_ssh/pkg-descr
sed 's/^X//' >pam_ssh/pkg-descr << 'END-of-pam_ssh/pkg-descr'
XThis PAM module provides single sign-on behavior for UNIX using
XSSH. Users are authenticated by decrypting their SSH private keys with
Xthe password provided (probably to XDM). In the PAM session phase, an
Xssh-agent process is started and keys are added.
X
XWWW: http://sourceforge.net/projects/pam-ssh/
X
XAndrew J. Korty <ajk@iu.edu>
END-of-pam_ssh/pkg-descr
exit

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->analyzed 
State-Changed-By: will 
State-Changed-When: Tue Apr 17 23:06:05 PDT 2001 
State-Changed-Why:  
Doesn't build on 4.3-RC: 

cc -pipe -fpic -DPIC -O -pipe  -Wall -c rijndael.c -o rijndael.So 
cc -pipe -fpic -DPIC -O -pipe  -Wall -c xmalloc.c -o xmalloc.So 
building shared library pam_ssh.so 
/usr/libexec/elf/ld: cannot find -lgcc_pic 
*** Error code 1 

Stop in /net/puck/will/ports/security/pam_ssh/work/pam_ssh-1.5. 
*** Error code 1 

Removing -lgcc_pic fixes it.  What shall we do here? 


http://www.freebsd.org/cgi/query-pr.cgi?pr=26666 

From: Will Andrews <will@physics.purdue.edu>
To: obrien@FreeBSD.org
Cc: ajk@iu.edu, FreeBSD GNATS DB <FreeBSD-gnats-submit@FreeBSD.org>
Subject: FW: Re: bin/26666: New port: pam_ssh (moved out from base)
Date: Wed, 18 Apr 2001 10:58:56 -0500

 David,
 
 Am I right that revs 1.87 and 1.61.2.12 of src/sys/sys/param.h denote
 the removal of -lgcc_pic?  I need an ${OSVERSION} check on this to regex
 out the -lgcc_pic for newer systems.
 
 See: http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/sys/param.h
 
 Andy,
 
 It may be easier to simply use a regex in the port Makefile to adjust
 settings, at least until you can make a similar adjustment in the
 pam_ssh Makefile.  I think you'd want something similar to this:
 
 OSVERSION!=	/sbin/sysctl -n kern.osreldate
 .if (${OSVERSION} <= 420001)
 LDADD+=	-lgcc_pic
 .endif
 
 You could wrap this with an .if (${OSNAME} == "FreeBSD")  if you are so
 inclined to make it portable among BSD (with a similar definition of
 course :-).
 
 ----- Forwarded message from "Andrew J. Korty" <ajk@iu.edu> -----
 
 Date: Wed, 18 Apr 2001 10:39:37 -0500 (EST)
 From: "Andrew J. Korty" <ajk@iu.edu>
 To: <will@FreeBSD.org>
 Cc: <freebsd-bugs@FreeBSD.org>
 Subject: Re: bin/26666: New port: pam_ssh (moved out from base)
 
 On Tue, 17 Apr 2001 will@FreeBSD.org wrote:
 
 > State-Changed-Why:
 > Doesn't build on 4.3-RC:
 >
 > cc -pipe -fpic -DPIC -O -pipe  -Wall -c rijndael.c -o rijndael.So
 > cc -pipe -fpic -DPIC -O -pipe  -Wall -c xmalloc.c -o xmalloc.So
 > building shared library pam_ssh.so
 > /usr/libexec/elf/ld: cannot find -lgcc_pic
 > *** Error code 1
 >
 > Stop in /net/puck/will/ports/security/pam_ssh/work/pam_ssh-1.5.
 > *** Error code 1
 >
 > Removing -lgcc_pic fixes it.  What shall we do here?
 
 I'm not sure why I was using -lgcc_pic before, but it doesn't appear
 to be necessary under 4.2-RELEASE.  I've removed it from the Makefile
 and moved the tag for 1.5, but I can't log in to SourceForge to
 change replace the file.  I'll try later.
 
 If you want, just make a patch to remove it.
 
 -- 
 Andrew J. Korty, Principal Security Engineer, GCIA
 Office of the Vice President for Information Technology
 Indiana University
 
 ----- End forwarded message -----
 
 -- 
 wca

From: "David O'Brien" <obrien@FreeBSD.org>
To: Will Andrews <will@physics.purdue.edu>
Cc: ajk@iu.edu, FreeBSD GNATS DB <FreeBSD-gnats-submit@FreeBSD.org>
Subject: Re: FW: Re: bin/26666: New port: pam_ssh (moved out from base)
Date: Wed, 18 Apr 2001 11:03:57 -0700

 On Wed, Apr 18, 2001 at 10:58:56AM -0500, Will Andrews wrote:
 > Am I right that revs 1.87 and 1.61.2.12 of src/sys/sys/param.h denote
 > the removal of -lgcc_pic?
 
 Yes.  [for the ELF case]
 
 -- 
 -- David  (obrien@FreeBSD.org)
State-Changed-From-To: analyzed->closed 
State-Changed-By: will 
State-Changed-When: Sat May 5 12:22:27 PDT 2001 
State-Changed-Why:  
Committed, thanks. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=26666 
>Unformatted:
