From marcus@shumai.marcuscom.com  Tue Dec 18 14:34:04 2001
Return-Path: <marcus@shumai.marcuscom.com>
Received: from shumai.marcuscom.com (rdu57-28-046.nc.rr.com [66.57.28.46])
	by hub.freebsd.org (Postfix) with ESMTP id 9354A37B405
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 18 Dec 2001 14:34:03 -0800 (PST)
Received: (from marcus@localhost)
	by shumai.marcuscom.com (8.11.6/8.11.6) id fBIMYCH67243;
	Tue, 18 Dec 2001 17:34:12 -0500 (EST)
	(envelope-from marcus)
Message-Id: <200112182234.fBIMYCH67243@shumai.marcuscom.com>
Date: Tue, 18 Dec 2001 17:34:12 -0500 (EST)
From: Joe Marcus Clarke <marcus@marcuscom.com>
Reply-To: Joe Marcus Clarke <marcus@marcuscom.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: -stable pam.conf does not work for GDM
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         32990
>Category:       conf
>Synopsis:       -stable pam.conf does not work for GDM
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    sobomax
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 18 14:40:00 PST 2001
>Closed-Date:    Wed Dec 19 08:48:12 PST 2001
>Last-Modified:  Wed Dec 19 08:49:55 PST 2001
>Originator:     Joe Marcus Clarke
>Release:        FreeBSD 4.4-STABLE i386
>Organization:
MarcusCom, Inc,
>Environment:
System: FreeBSD shumai.marcuscom.com 4.4-STABLE FreeBSD 4.4-STABLE #0: Sun Dec 16 00:23:18 EST 2001 marcus@shumai.marcuscom.com:/usr/obj/usr/src/sys/SHUMAI i386


	
>Description:
	When logging in through GDM after cvsup'ing to the latest -stable, I get
the following errors:

dlerror: Cannot open "/usr/lib/pam_nologin.so"
unable to resolve symbol: pam_sm_open_session
>How-To-Repeat:
	cvsup to -stable, and try to login via GDM.
>Fix:

--- etc/pam.conf.orig	Tue Dec 18 17:35:45 2001
+++ etc/pam.conf	Tue Dec 18 17:35:57 2001
@@ -83,7 +83,6 @@
 xdm	password required	pam_deny.so
 
 # GDM (GNOME Display Manager)
-gdm	auth	required	pam_nologin.so	no_warn
 #gdm	auth	sufficient	pam_kerberosIV.so	no_warn	try_first_pass
 #gdm	auth	sufficient	pam_krb5.so	no_warn	try_first_pass
 #gdm	auth	sufficient	pam_ssh.so	no_warn	try_first_pass
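Review bot: deleting the `gdm auth required pam_nologin.so no_warn` line outright loses the record that gdm is supposed to run the nologin check at all. Since the reported failure is only that /usr/lib/pam_nologin.so cannot be opened on this branch, consider commenting the line out, as the neighbouring Kerberos and SSH entries are, with a short note that it should be re-enabled once the module is present. That way the check is not silently dropped for gdm for good.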
@@ -94,7 +93,7 @@
 #gdm	session	required	pam_kerberosIV.so
 #gdm	session	required	pam_krb5.so
 #gdm	session	required	pam_ssh.so
-gdm	session	required	pam_unix.so
+gdm	session	required	pam_permit.so
 gdm	password required	pam_deny.so
 
 # Mail services
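Review bot: the new `gdm session required pam_permit.so` line carries no comment explaining why gdm's session stack no longer uses pam_unix.so. The reported error (unable to resolve symbol: pam_sm_open_session) is the reason, and a one-line comment above the entry saying so would keep it from being switched back to pam_unix.so or tightened to pam_deny.so later. Because pam_permit.so always succeeds, it should stay confined to the session line and not be copied to the auth or account lines when this stanza is used as a template.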
	
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->sobomax 
Responsible-Changed-By: ru 
Responsible-Changed-When: Wed Dec 19 00:56:43 PST 2001 
Responsible-Changed-Why:  
Maxim MFC'ed this stuff without MFC'ing the necessary PAM modules. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=32990 

From: Maxim Sobolev <sobomax@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org, marcus@marcuscom.com
Cc:  
Subject: Re: conf/32990: -stable pam.conf does not work for GDM
Date: Wed, 19 Dec 2001 11:21:35 +0200

 This is a multi-part message in MIME format.
 --------------9D328CB42A67B17F8F7124BB
 Content-Type: text/plain; charset=koi8-r
 Content-Transfer-Encoding: 7bit
 
 Marcus,
 
 Could you please test attached patch against recent 4-STABLE sources
 and let me know if it works or not, because I do not currently have a
 -STABLE system with XFree/GNOME to test this on.
 
 Thanks!
 
 -Maxim
 --------------9D328CB42A67B17F8F7124BB
 Content-Type: text/plain; charset=koi8-r;
  name="pam.conf.diff"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline;
  filename="pam.conf.diff"
 
 Index: src/etc/pam.conf
 ===================================================================
 RCS file: /home/ncvs/src/etc/pam.conf,v
 retrieving revision 1.6.2.12
 diff -d -u -r1.6.2.12 pam.conf
 --- src/etc/pam.conf	5 Dec 2001 16:17:47 -0000	1.6.2.12
 +++ src/etc/pam.conf	19 Dec 2001 09:17:48 -0000
 @@ -83,18 +83,10 @@
  xdm	password required	pam_deny.so
  
  # GDM (GNOME Display Manager)
 -gdm	auth	required	pam_nologin.so	no_warn
 -#gdm	auth	sufficient	pam_kerberosIV.so	no_warn	try_first_pass
 -#gdm	auth	sufficient	pam_krb5.so	no_warn	try_first_pass
 -#gdm	auth	sufficient	pam_ssh.so	no_warn	try_first_pass
 -gdm	auth	required	pam_unix.so	no_warn	try_first_pass
 -#gdm	account	required	pam_kerberosIV.so
 -#gdm	account	required	pam_krb5.so
 -gdm	account	required	pam_unix.so
 -#gdm	session	required	pam_kerberosIV.so
 -#gdm	session	required	pam_krb5.so
 -#gdm	session	required	pam_ssh.so
 -gdm	session	required	pam_unix.so
 +gdm	auth	required	pam_unix.so
 +#gdm	auth	sufficient	pam_kerberosIV.so		try_first_pass
 +gdm	account	required	pam_unix.so			try_first_pass
 +gdm	session	required	pam_deny.so
  gdm	password required	pam_deny.so
  
  # Mail services
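Review bot: the added `gdm session required pam_deny.so` line makes session setup fail on every gdm login, because pam_deny.so always returns failure and the control flag is `required`; if pam_unix.so cannot provide session hooks on this branch, pam_permit.so is the module to use on that line. Two smaller points in the same hunk: `try_first_pass` has moved onto the `account` line, where there is no password prompt for it to act on, and the active `auth` pam_unix.so line now sits before the commented `sufficient` pam_kerberosIV.so line, so uncommenting that line later would not restore the Kerberos-first order of the lines being removed. The pam_krb5.so and pam_ssh.so templates are also dropped without explanation.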
 
 --------------9D328CB42A67B17F8F7124BB--
 

From: Joe Clarke <marcus@marcuscom.com>
To: Maxim Sobolev <sobomax@FreeBSD.org>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: conf/32990: -stable pam.conf does not work for GDM
Date: Wed, 19 Dec 2001 10:50:51 -0500 (EST)

 Maxim, this won't work.  My patch that set session to pam_permit is
 required.  If you pam_deny the session, you immediately get returned to
 GDM after logging in.
 
 Also, have you had a chance to look at ports/32840?
 
 Thanks!
 
 Joe
 
 On Wed, 19 Dec 2001, Maxim Sobolev wrote:
 
 > Marcus,
 >
 > Could you please test attached patch against recent 4-STABLE sources
 > and let me know if it works or not, because I do not currently have a
 > -STABLE system with XFree/GNOME to test this on.
 >
 > Thanks!
 >
 > -Maxim
 
 
State-Changed-From-To: open->closed 
State-Changed-By: sobomax 
State-Changed-When: Wed Dec 19 08:48:12 PST 2001 
State-Changed-Why:  
Submitter confirms that the problem has been fixed in rev.1.6.2.13 of 
src/etc/pam.conf. 

Thank you for submission! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=32990 
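
Both failures discussed in this PR (a rule naming a module that is not installed, and a `required` pam_deny.so in the session stack) can be caught before a config is committed. The following is an added example, not part of the original PR or of FreeBSD; the function names, the sample stanza and the installed-module set are constructed for illustration.

```python
import os

# Constructed sample: a gdm stanza combining the original pam_nologin.so
# rule with the session rule from the follow-up patch.
SAMPLE = """\
# GDM (GNOME Display Manager)
gdm	auth	required	pam_nologin.so	no_warn
gdm	auth	required	pam_unix.so	no_warn	try_first_pass
gdm	account	required	pam_unix.so
gdm	session	required	pam_deny.so
gdm	password required	pam_deny.so
"""


def parse_pam_conf(text):
    """Yield (lineno, service, facility, control, module, args) for each
    active rule in pam.conf syntax; comments and blank lines are skipped."""
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4:
            yield lineno, fields[0], fields[1], fields[2], fields[3], fields[4:]


def lint(text, installed_modules):
    """Return (lineno, service, message) findings.

    installed_modules is a set of module file names; on a live system it
    could be built with set(os.listdir("/usr/lib")) (the directory named in
    the dlerror message above). Missing symbols inside an installed module,
    such as pam_sm_open_session, are not detected here."""
    findings = []
    for lineno, svc, facility, control, module, _args in parse_pam_conf(text):
        name = os.path.basename(module)
        if name not in installed_modules:
            findings.append((lineno, svc, f"{name} not installed"))
        if (facility == "session" and name == "pam_deny.so"
                and control in ("required", "requisite")):
            findings.append((lineno, svc, "session stack always fails"))
    return findings


if __name__ == "__main__":
    # Assumed module set for a system without pam_nologin.so.
    for finding in lint(SAMPLE, {"pam_unix.so", "pam_deny.so", "pam_permit.so"}):
        print(finding)
```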
>Unformatted:
