Compiling on Solaris

Pierangelo Masarati ando at sys-net.it
Tue Nov 30 08:58:00 UTC 2004


> Hi!
> I want to use ldap authentication for ftp users of Solaris server with
> SunOS 5.7.
> So, I installed pam-ldap and nss-ldap.

If you mean the PADL implementation of LDAP and NSS via LDAP, it has
little to do with this list.  They don't need Linux-PAM at all to work
with Solaris.

> Now I can do 'getent passwd <ldap
> user>'
> and get info about that user from ldap. But connect through FTP doesn't
> work.
> My /etc/pam.conf is as follows:
> --
> #%PAM-1.0
> auth       required     /lib/security/pam_listfile.so item=user
> sense=deny file=/etc/ftpusers onerr=succeed
> auth       required     /lib/security/pam_shells.so
> auth       sufficient   /lib/security/pam_ldap.so.1
> account    sufficient   /lib/security/pam_ldap.so.1
> session    sufficient   /lib/security/pam_ldap.so.1
> --
> In ftp log I can see
> --
> ... PAM(<user>): Dlopen failure.
> ... USER <user> (Login failed): Incorrect password.
> --
>
> Maybe this is because of there are no files pam_listfile.so and
> pam_shells.so in my SunOS 5.7?

... :)

> Do I need to install Linux-PAM first to get these files?

Yes.  It is my experience that you don't need to use Linux-PAM
implementation of the libpam to work with Solaris, but please correct me
if I'm wrong.  I managed to use Linux-PAM modules with the original
Solaris 2.8 libpam without problems, along with PADL's modules.

> I tried to compile Linux-PAM-0.77, but 'make' gives an error:
> --
> rm -f security
> ln -sf . security
> make -C modules all
> make[1]: Entering directory `/u01/soft/Linux-PAM-0.77/modules'
> building the static modutil library
> make -C pammodutil all
> make -C pammodutil all
> make[2]: Entering directory `/u01/soft/Linux-PAM-0.77/modules/pammodutil'
> mkdir -p static
> gcc -Wall -Wwrite-strings       -Wpointer-arith -Wcast-qual -Wcast-align
> -Wstrict-prototypes -Wmissing-prototypes       -Wnested-externs -Winline
> -Wshadow -Dsunos -ansi -pedantic -I./include
> -I/u01/soft/Linux-PAM-0.77/libpam/include -I/u01/soft/Linux-PAM-0.77
> -I/u01/soft/Linux-PAM-0.77/libpamc/include  -fPIC   -DLIBPAM
> _VERSION_MAJOR=0 -DLIBPAM_VERSION_MINOR=77   -c modutil_cleanup.c -o
> static/modutil_cleanup.o
> gcc -Wall -Wwrite-strings       -Wpointer-arith -Wcast-qual -Wcast-align
> -Wstrict-prototypes -Wmissing-prototypes       -Wnested-externs -Winline
> -Wshadow -Dsunos -ansi -pedantic -I./include
> -I/u01/soft/Linux-PAM-0.77/libpam/include -I/u01/soft/Linux-PAM-0.77
> -I/u01/soft/Linux-PAM-0.77/libpamc/include  -fPIC   -DLIBPAM
> _VERSION_MAJOR=0 -DLIBPAM_VERSION_MINOR=77   -c modutil_getpwnam.c -o
> static/modutil_getpwnam.o
> modutil_getpwnam.c: In function `_pammodutil_getpwnam':
> modutil_getpwnam.c:43: error: too many arguments to function `getpwnam_r'
> modutil_getpwnam.c:43: warning: assignment makes integer from pointer
> without a cast
> make[2]: *** [static/modutil_getpwnam.o] Error 1
> make[2]: Leaving directory `/u01/soft/Linux-PAM-0.77/modules/pammodutil'
> make[1]: *** [all] Error 2
> make[1]: Leaving directory `/u01/soft/Linux-PAM-0.77/modules'
> make: *** [modules] Error 2
> --
> What can be done? How can I get working PAM?

You need to explicitly define __EXTENSIONS__ and _POSIX_PTHREAD_SEMANTICS
(e.g. CPPFLAGS="-D__EXTENSIONS__ -D_POSIX_PTHREAD_SEMANTICS") to get the
right API because Solaris supports different intermediate states of the
POSIX for pwd.h; see /usr/include/pwd.h for details.  There might be other
tweaks needed, based on the version of Solaris and Linux-PAM.  I recently
managed to compile Linux-PAM 0.78 on Solaris 2.8.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati at sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497




More information about the Pam-list mailing list