NetBSD Problem Report #56630

From  Sat Jan 15 16:09:17 2022
Return-Path: <>
Received: from ( [])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "", Issuer " CA" (not verified))
	by (Postfix) with ESMTPS id 6D7901A923A
	for <>; Sat, 15 Jan 2022 16:09:17 +0000 (UTC)
Message-Id: <>
Date: Sat, 15 Jan 2022 17:08:49 +0100 (CET)
Subject: Several pam_u2f debug issues
X-Send-Pr-Version: 3.95

>Number:         56630
>Category:       lib
>Synopsis:       Several pam_u2f debug issues
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jan 15 16:10:00 +0000 2022
>Originator:     Michael van Elst
>Release:        NetBSD 9.99.93


System: NetBSD tazz 9.99.93 NetBSD 9.99.93 (TAZZ) #43: Thu Jan 13 23:07:03 UTC 2022 mlelstv@slowpoke:/scratch2/obj.amd64/scratch/netbsd-current/src/sys/arch/amd64/compile/TAZZ amd64
Architecture: x86_64
Machine: amd64

pam_u2f supports the debug and debug_file options to redirect output
to a file, syslog, stdout or stderr. However, you always get some
output written to stderr.

Reason is that pam_u2f calls fido_init() with the FIDO_DEBUG parameter
when it sees the debug option and libfido2 defaults to log debug
output to stderr. pam_u2f should use fido_set_log_handler() to catch
the output and print it according to the debug_file option.

The pam_u2f man page is also irritating as it describes a quoting
mechanism for options containing white space using square brackets.
OpenPAM however uses normal shell quoting rules, i.e. single or
double quotes.

Try pam_u2f with the debug option.



NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD:,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.