From nobody@FreeBSD.org  Wed Jan 12 00:59:32 2011
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 396761065670
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 12 Jan 2011 00:59:32 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (unknown [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 28CEB8FC0C
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 12 Jan 2011 00:59:32 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id p0C0xVb7013041
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 12 Jan 2011 00:59:31 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id p0C0xVhm013040;
	Wed, 12 Jan 2011 00:59:31 GMT
	(envelope-from nobody)
Message-Id: <201101120059.p0C0xVhm013040@red.freebsd.org>
Date: Wed, 12 Jan 2011 00:59:31 GMT
From: Stephen Fisher <steve@stephen-fisher.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Consider compiling OpenPAM with debug logging support
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         153918
>Category:       kern
>Synopsis:       [openpam] Consider compiling OpenPAM with debug logging support
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    des
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan 12 01:00:16 UTC 2011
>Closed-Date:    
>Last-Modified:  Sun Jan 16 23:09:06 UTC 2011
>Originator:     Stephen Fisher
>Release:        8.1-RELEASE
>Organization:
>Environment:
FreeBSD xxx 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:36:49 UTC 2010     root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
The man pages for OpenPAM as distributed with the base operating system mention the "debug" option that can be used with pam modules.  However, the debug will not work unless the --enable-debug option (not --enable-debugging-symbols) is passed to OpenPAM's configuration script in /usr/src/contrib/openpam.  Once this is recompiled (along with the code in /usr/src/lib/libpam/), the debug output shows up as expected in /var/log/debug.log.

>How-To-Repeat:
Add "debug" to an authentication entry in /etc/pam.d/ such as /etc/pam.d/sshd:

auth    required        pam_unix.so             debug no_warn try_first_pass


>Fix:
Pass "--enable-debug" to configure script in /usr/src/contrib/openpam before building


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->des 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sun Jan 16 23:07:47 UTC 2011 
Responsible-Changed-Why:  
Over to maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=153918 
>Unformatted:
