External_auth is broken when you want to use pam as the authentication mechanism. The problem lies in /usr/local/lib/python3.9/site-packages/salt/auth/pam.py where line 240 is this: pyexe = pathlib.Path(__opts__.get("auth.pam.python", "/usr/bin/python3")).resolve() But that python location doesn't exist. That's a linux location. When you change the path to the actual python location then it all works fine. pyexe = pathlib.Path(__opts__.get("auth.pam.python", "/usr/local/bin/python3.9")).resolve()
FYI: I'm not sure if this is the solution. It just works when I change the path. There may be better ways to automatically point to the system's python executable so it's a bit less static but that's a bit beyond my knowledge.
Created attachment 248879 [details] Fixed static (linux) python path in pam module This fixes the use of pam as an external-authentication module. This is broken now because it has a static path to /usr/bin/python3. I replaced it with the FreeBSD path to /usr/local/python3.9 by using ${PYTHON_CMD} so this should keep working if FreeBSD upgrades the Python version.
What do I have to do to get some response to this? I don't expect it to be ignored on purpose so did I report this in a wrong way? Does it need more info? Did I forget something? I added the fix. all it needs is a "hm, yeah that looks okay" stamp of approval..
The proper way to do this is to have USES= shebangfix and SHEBANG_FILES= salt/auth/pam.py
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=a75ba7b59a399278570d35bb026e8d5f00ef476d commit a75ba7b59a399278570d35bb026e8d5f00ef476d Author: Michele Possamai <michele@possamai.nl> AuthorDate: 2024-03-30 10:09:43 +0000 Commit: Gleb Popov <arrowd@FreeBSD.org> CommitDate: 2024-03-30 10:13:20 +0000 sysutils/py-salt: Fix python path in the pam module code PR: 274975 Approved by: krion (maintainer timeout) sysutils/py-salt/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
Pushed, thank you.