[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

solaris 2.6 PAM: things to beware of



After sticking in glue to make the Linux PAM package be compatible module-wise
with the Solaris 2.6 PAM, everything was golden, except that my
password-changing Kerberos and AFS modules would not work with /usr/bin/passwd!
The pam_unix_passwd module from the same compile did. The krb4 and afspass
modules did work with a passwd from SimplePamApps compiled against the Linux
PAM libraries.

Started doing some investigating. After a while I realized Solaris has
Kerberos, so I removed /usr/lib/libkrb.so, but that wasn't it. Then I realized,
hey, where's des? Not in libc. Not in a libdes. 

Today's trivia answer: libnsl. The SimplePamApps passwd wasn't linked against
libnsl. The Solaris one was. Bingo! So even though I linked e.g. pam_krb4.so
like this:
ld -G -R/usr/local/lib -Bsymbolic -o pam_krb4.so dynamic/pam_krb4.o 
-L/usr/local/lib -lkadm -lkrb -ldes -lcom_err -lc -lpam -lsocket -lnsl -lm

I was still getting des from libnsl and not libdes (but I really think this is
a bug. Damnit, do symbolic binding *now* should do it *now*, really!!)

Answer is to link thusly:
ld -G -R/usr/local/lib -Bsymbolic -o pam_krb4.so dynamic/pam_krb4.o 
-L/usr/local/lib -lkadm /usr/local/lib/libkrb.a -ldes -lresolv -lcom_err -lc
-lpam -lsocket -lnsl -lm

and let ld do the fixups, which is gross but makes the modules work with the
Solaris apps. Irritates me to no end, but until I get 2.6 documentation and can
read about the dynamic linker I don't know if it's a bug or only a misfeature.

For what it's worth...
-D
(Expect me to release the Solaris-ported versions of these modules shortly.)



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []