Missing requirements for compiling some PAM modules
Steve B
steveb333 at gmail.com
Fri Oct 15 13:00:41 UTC 2010
Hey all,
I've been trying to compile PAM on a few older SLES 9 and SLES 10 systems,
as well as upgrading the libraries on our older RedHat/CentOS 4 systems.
Certain PAM modules do not compile, I'm assuming due to missing
requirements. These include pam_cracklib, pam_keyinit, pam_namespace,
pam_selinux, pam_sepermit, and pam_tty_audit. Looking through the make logs
I see entries for "entering directory '/path/to/pam/...'" followed by
"Nothing to be done for 'all'".
Looking through the config.log I was able to determine where a few of the
requirement checks failed. I installed the latest cracklib source to fix
the pam_cracklib requirements. Pam_keyinit was a bit trickier. I saw that
configure was testing for definitions of __NR_keyctr and ENOKEY. On a RHEL
5 system I found these were defined in header files installed with the
kernel-headers-2.6.18-128.el5 rpm. Looking at the source for pam_keyinit it
appears that it only needed the values for these definitions, so I was able
to trick the module into compiling by hardcoding the checks for these
definitions to always pass, then manually adding "#define __NR_keyctl 250"
(for x86_64 systems, 288 for i386 systems) and "#define ENOKEY 126" to the
config.h generated by the configure script. Doing this is a bit worrying.
Pam_keyinit may work properly after setting these values, but it may also
fail causing at best an error when the module is accessed and at worse a
security hole.
So the question is what are the requirements to get pam_keyinit,
pam_namespace, pam_selinux & pam_sepermit, and pam_tty_audit to compile
safely on older systems such as SLES 9 & 10 or RHEL/CentOS 4?
As a second side question my RHEL systems has a PAM module called
pam_console that rpm -qf claims was installed as part of the pam library
suite. No part of the compile process mentions pam_console. Is this module
obsolete, RedHat specific, or part of some other pam bundle?
Many thanks,
Steve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20101015/183c3171/attachment.htm>
More information about the Pam-list
mailing list