On Wed, Dec 21, 2011 at 11:09:23PM +0100, Hartmann, O. wrote: H> OS: FreeBSD 10.0-CURRENT/amd64 r228787 H> H> Since the last update of world yesterday were I managed to compile the H> OS WITH_LIBCPLUSPLUS=YES in /etc/src.conf, H> only root is capable to login on the console. H> H> I use OpenLDAP 2.4 as the backend for usual users, having also an H> "emergency" user installed in the local /etc/passwd just in case. H> H> The problem is, I can not login via xdm or console login anymore as any H> usual user, even not as a user residing in the local passwd file. H> H> Trying to login as LDAP backed user, I get the error H> SASL/DIGEST-MD5 authentication started H> Login icorrect H> H> Inspecting /var/log/auth.log reveals for this incident H> H> login: in openpam_check_path_owner_perms(): H> /usr/local/lib/pam_ldap.so.5: No such file or directory H> H> Trying tologin as a local (/etc/passwd backed) user gets H> sometimes the same login issue, but sporadically I get a login but H> landing in / instead of /home/user. /home is a ZFS volume. H> H> I reinstalled pam_ldap, nss_ldap, openldap-sasl-server/client many times H> now since I suspected a fault in compilation (everything is compiled via H> CLANG), but I have no success. H> H> /usr/local/lib/pam_ldap.so.5 does not exist, it is simply pam_ldap.so. H> H> It seems, that the OS can not find the homes on the ZFS volume. Doing a H> su - USER works for all LDAP users but not the local users, I receive H> the error su: no directory. This is very strange. While su - as root H> does not work, login as such a failing user work, but as mentioned H> without home. H> H> The last thing I did on that box is: I recompiled yesterday evening H> world, switched the box off. When I switched the box on today, I ran H> into this issue. H> H> I recompile the system without flag WITH_LIBCPLUSPLUS and see what is H> happening. Do others also see this strange behaviour? This is definitely due to libpam update. In my case, I also got messages: openpam_check_path_owner_perms(): /usr/local/lib/pam_ldap.so.5: No such file or directory But this doesn't prevent me from logging in. The new PAM code first tries to dlopen() a library configured in /etc/pam.d with ".5" appended to it, this is hardcoded. If failed, it dlopens the exact name from configuration. So, the message is harmless itself - the pam_ldap.so is opened successfully. I suppose failure to login that you experience is related to another fallout from the new PAM import. -- Totus tuus, Glebius.Received on Thu Dec 22 2011 - 14:59:15 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:22 UTC