NetBSD Problem Report #46577

From  Sun Jun 10 19:47:20 2012
Return-Path: <>
Received: from ( [])
	by (Postfix) with ESMTP id 731B963B882
	for <>; Sun, 10 Jun 2012 19:47:20 +0000 (UTC)
Message-Id: <>
Date: Sun, 10 Jun 2012 21:47:13 +0200 (CEST)
Subject: Old PAM problem with -DNO_STATIC_MODULES has come back.
X-Send-Pr-Version: 3.95

>Number:         46577
>Category:       pkg
>Synopsis:       Old PAM problem with -DNO_STATIC_MODULES has come back.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jun 10 19:50:00 +0000 2012
>Originator:     Rhialto
>Release:        NetBSD 5.1


System: NetBSD 5.1 NetBSD 5.1 (Radl-s_Pervasion_of_the_Incorrect_Chord) #0: Mon Jan 24 20:25:13 CET 2011 amd64
Architecture: x86_64
Machine: amd64
	Since I last updated to pkgsrc-2012Q1, I am seeing this in my syslog
	very often:

	Jun 10 20:48:31 radl sshd: in openpam_dispatch(): /usr/pkg/lib/security/ no pam_sm_setcred()

	This is apparentklty from the security/pam-af package.
	Strangely enough, it seems it was updated a pkgsrc stable branch
	earlier, but I only see this effect now.

	Apparently this problem happened before, and was "fixed" by adding
	and followup

	but it is back.

	Somehow the -DNO_STATIC_MODULES disappears; I can't see a trace of it
	in the build output:

===> configure-message [pam-af-1.0.2nb1] ===> Configuring for pam-af-1.0.2nb1
=> Checking for portability problems in extracted files
=> replace hard-coded paths
===> build-message [pam-af-1.0.2nb1] ===> Building for pam-af-1.0.2nb1
if [ "`uname -s`" = "FreeBSD" -o "`uname -s`" = "NetBSD" -o "`uname -s`" = "OpenBSD" -o "`uname -s`" = "DragonFly" ]; then  /usr/bin/make CFLAGS="-I./common/ -DPIC -O2 -Wall -Werror -Wno-format-y2k                    -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch      -Wshadow -Wchar-subscripts -Winline -Wnested-externs -fPIC -D_HAVE_PATHS_H_ -D_HAVE_ERR_H_ -D_HAVE_GETPROGNAME_ -D_USE_MODULE_ENTRY_ -D_HAVE_SALEN_"  LD=ld LDFLAGS=" -s --shared -lpam -lcrypt"  ./;  /usr/bin/make CFLAGS="-I./common/ -DPIC -O2 -Wall -Werror -Wno-format-y2k      -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch       -Wshadow -Wchar-subscripts -Winline -Wnested-externs -fPIC -D_HAVE_PATHS_H_ -D_HAVE_ERR_H_ -D_HAVE_GETPROGNAME_ -D_USE_MODULE_ENTRY_ -D_HAVE_SALEN_"  LDFLAGS="" ./pam_af_tool/pam_af_tool;  elif [ "`uname -s`" = "Linux" ]; then  /usr/bin/make CFLAGS="-I./common/ -DPIC -O2 -Wall -Werror -Wno-format-y2k                   -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch  !
     -Wshadow -Wchar-subscripts -Winline -Wnested-externs -fPIC -D_GNU_SOURCE -D_HAVE_PATHS_H_ -D_HAVE_ERR_H_ -D_HAVE_FLOCK_  -D_HAVE_SYS_FILE_H_"  LD=ld LDFLAGS="-lgdbm -lgdbm_compat -s --shared -lpam -lcrypt"  ./;  /usr/bin/make CFLAGS="-I./common/ -DPIC -O2 -Wall -Werror -Wno-format-y2k                  -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch     -Wshadow -Wchar-subscripts -Winline -Wnested-externs -fPIC -D_GNU_SOURCE -D_HAVE_PATHS_H_ -D_HAVE_ERR_H_ -D_HAVE_FLOCK_  -D_HAVE_SYS_FILE_H_"  LDFLAGS="-lgdbm -lgdbm_compat" ./pam_af_tool/pam_af_tool;  elif [ "`uname -s`" = "SunOS" ]; then  /usr/bin/make CFLAGS="-I./common/ -DPIC -fPIC -O2 -D_SUN_PAM_ -D_HAVE_USERDEFS_H_"  LD=ld LDFLAGS="-lnsl -lsocket -s -G -lpam -lcrypt"  ./;  /usr/bin/make CFLAGS="-I./common/ -DPIC -fPIC -O2 -D_SUN_PAM_ -D_HAVE_USERDEFS_H_"  LDFLAGS="-lnsl -lsocket" ./pam_af_tool/pam_af_tool;  elif [ "`uname -s`" = "HP-UX" ]; then  /usr/bin/make CFLAGS="-Ae +w1 +W 474,486,542 +z +O!
 2"  LD=ld LDFLAGS=" -s -b -lpam -lsec"  ./;  /usr/bin!
 /make CFLAGS="-I./common/ -DPIC -Ae +w1 +W 474,486,542 +z +O2"  LDFLAGS="" ./pam_af_tool/pam_af_tool;  else  /usr/bin/make ./;  /usr/bin/make ./pam_af_tool/pam_af_tool;  fi
cc -I./common/ -DPIC -O2 -Wall -Werror -Wno-format-y2k                   -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch      -Wshadow -Wchar-subscripts -Winline -Wnested-externs -fPIC -D_HAVE_PATHS_H_ -D_HAVE_ERR_H_ -D_HAVE_GETPROGNAME_ -D_USE_MODULE_ENTRY_ -D_HAVE_SALEN_ -c ./pam_af.c -o ./pam_af.o
cc -I./common/ -DPIC -O2 -Wall -Werror -Wno-format-y2k                   -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch      -Wshadow -Wchar-subscripts -Winline -Wnested-externs -fPIC -D_HAVE_PATHS_H_ -D_HAVE_ERR_H_ -D_HAVE_GETPROGNAME_ -D_USE_MODULE_ENTRY_ -D_HAVE_SALEN_ -DPAM_AF_DEFS -c ./common/subr.c -o ./subr.o
ld -s --shared -lpam -lcrypt ./pam_af.o ./subr.o -o ./
cc -I./common/ -DPIC -O2 -Wall -Werror -Wno-format-y2k                   -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch      -Wshadow -Wchar-subscripts -Winline -Wnested-externs -fPIC -D_HAVE_PATHS_H_ -D_HAVE_ERR_H_ -D_HAVE_GETPROGNAME_ -D_USE_MODULE_ENTRY_ -D_HAVE_SALEN_ -c ./pam_af_tool/pam_af_tool.c -o ./pam_af_tool/pam_af_tool.o
cc -I./common/ -DPIC -O2 -Wall -Werror -Wno-format-y2k                   -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch      -Wshadow -Wchar-subscripts -Winline -Wnested-externs -fPIC -D_HAVE_PATHS_H_ -D_HAVE_ERR_H_ -D_HAVE_GETPROGNAME_ -D_USE_MODULE_ENTRY_ -D_HAVE_SALEN_ -c ./common/subr.c -o ./pam_af_tool/subr.o
cc  ./pam_af_tool/pam_af_tool.o ./pam_af_tool/subr.o -o ./pam_af_tool/pam_af_tool
=> Unwrapping files-to-be-installed.


	Install security/pam-af to protect against bulk ssh intrusions.
	See notices that make you think it doesn't work.

	As a workaround, I changed the provided patches of the
	security/pam-af/work.x86_64/pam_af-1.0.2/Makefile so that it adds this


	This seems to make it work for me, but it is probably too drastic in
	The email thread alludes to a proper fix that there is to be made.

___ Olaf 'Rhialto' Seibert  -- There's no point being grown-up if you 
\X/ rhialto/at/    -- can't be childish sometimes. -The 4th Doctor


NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD:,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.