Bug 211424 - x11/xscreensaver Pam failure on FreeBSD 11
Summary: x11/xscreensaver Pam failure on FreeBSD 11
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Niclas Zeising
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-07-28 18:21 UTC by Roberto de Iriarte
Modified: 2020-02-19 22:28 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (zeising)


Attachments
Patch to enable PAM by default (352 bytes, patch)
2020-02-19 22:28 UTC, Jason W. Bacon
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Roberto de Iriarte 2016-07-28 18:21:40 UTC
Xscreensaver seems unable to use PAM on FreeBSD 11-BETA2

After recompiling the port with PAM support, i have been unable to get it to use any form of pam authentication whatsoever

Enabling debug on the authentication method produces the following log

Jul 27 23:41:13 t420s xscreensaver: in openpam_dispatch(): calling pam_sm_authenticate() in /usr/lib/pam_unix.so.6
Jul 27 23:41:13 t420s xscreensaver: in openpam_get_option(): entering: 'auth_as_self'
Jul 27 23:41:13 t420s xscreensaver: in openpam_get_option(): returning NULL
Jul 27 23:41:13 t420s xscreensaver: in pam_get_user(): entering
Jul 27 23:41:13 t420s xscreensaver: in pam_get_item(): entering: PAM_USER
Jul 27 23:41:13 t420s xscreensaver: in pam_get_item(): returning PAM_SUCCESS
Jul 27 23:41:13 t420s xscreensaver: in pam_get_user(): returning PAM_SUCCESS
Jul 27 23:41:13 t420s xscreensaver: in pam_sm_authenticate(): Got user: roberto
Jul 27 23:41:13 t420s xscreensaver: in pam_sm_authenticate(): Doing real authentication
Jul 27 23:41:13 t420s xscreensaver: in pam_get_authtok(): entering
Jul 27 23:41:13 t420s xscreensaver: in pam_get_item(): entering: PAM_RHOST
Jul 27 23:41:13 t420s xscreensaver: in pam_get_item(): returning PAM_SUCCESS
Jul 27 23:41:13 t420s xscreensaver: in pam_get_item(): entering: PAM_OLDAUTHTOK
Jul 27 23:41:13 t420s xscreensaver: in pam_get_item(): returning PAM_SUCCESS
Jul 27 23:41:13 t420s xscreensaver: in openpam_get_option(): entering: 'try_first_pass'
Jul 27 23:41:13 t420s xscreensaver: in openpam_get_option(): returning ''
Jul 27 23:41:13 t420s xscreensaver: in pam_get_item(): entering: PAM_AUTHTOK
Jul 27 23:41:13 t420s xscreensaver: in pam_get_item(): returning PAM_SUCCESS
Jul 27 23:41:13 t420s xscreensaver: in openpam_get_option(): entering: 'use_first_pass'
Jul 27 23:41:13 t420s xscreensaver: in openpam_get_option(): returning NULL
Jul 27 23:41:13 t420s xscreensaver: in openpam_get_option(): entering: 'authtok_prompt'
Jul 27 23:41:13 t420s xscreensaver: in openpam_get_option(): returning NULL
Jul 27 23:41:13 t420s xscreensaver: in pam_get_item(): entering: PAM_AUTHTOK_PROMPT
Jul 27 23:41:13 t420s xscreensaver: in pam_get_item(): returning PAM_SUCCESS
Jul 27 23:41:13 t420s xscreensaver: in openpam_subst(): entering: 'Password:'
Jul 27 23:41:13 t420s xscreensaver: in openpam_subst(): returning PAM_SUCCESS
Jul 27 23:41:13 t420s xscreensaver: in openpam_get_option(): entering: 'echo_pass'
Jul 27 23:41:13 t420s xscreensaver: in openpam_get_option(): returning NULL
Jul 27 23:41:13 t420s xscreensaver: in pam_vprompt(): entering
Jul 27 23:41:13 t420s xscreensaver: in pam_get_item(): entering: PAM_CONV
Jul 27 23:41:13 t420s xscreensaver: in pam_get_item(): returning PAM_SUCCESS
Jul 27 23:41:26 t420s xscreensaver: in pam_vprompt(): returning PAM_SUCCESS
Jul 27 23:41:26 t420s xscreensaver: in pam_set_item(): entering: PAM_AUTHTOK
Jul 27 23:41:26 t420s xscreensaver: in pam_set_item(): returning PAM_SUCCESS
Jul 27 23:41:26 t420s xscreensaver: in pam_get_item(): entering: PAM_AUTHTOK
Jul 27 23:41:26 t420s xscreensaver: in pam_get_item(): returning PAM_SUCCESS
Jul 27 23:41:26 t420s xscreensaver: in pam_get_authtok(): returning PAM_SUCCESS
Jul 27 23:41:26 t420s xscreensaver: in pam_sm_authenticate(): Got password
Jul 27 23:41:26 t420s xscreensaver: in openpam_get_option(): entering: 'no_warn'
Jul 27 23:41:26 t420s xscreensaver: in openpam_get_option(): returning ''
Jul 27 23:41:26 t420s xscreensaver: in openpam_dispatch(): /usr/lib/pam_unix.so.6: pam_sm_authenticate(): authentication error

pam_fprintd.so fails in the same manner

All the other pam-aware applications work perfectly on my setup so i am confident that the problem is in xscreensaver. It used to work on FreeBSD 10.3-RELEASE, however
Comment 1 Tobias Kortkamp freebsd_committer 2018-03-14 06:42:10 UTC
Is this still a problem? It works fine for me on 11.1-RELEASE.
Comment 2 Tobias Kortkamp freebsd_committer 2018-03-14 09:36:05 UTC
(In reply to Tobias Kortkamp from comment #1)
Nevermind. It does not work.  So to answer my own question: Yes, it's still a problem.
Comment 3 Jason W. Bacon freebsd_committer 2020-02-19 22:28:24 UTC
Created attachment 211769 [details]
Patch to enable PAM by default


If I install from source with the PAM option checked, it works fine for me on 12.1-RELEASE.  I haven't tested on 11.x.

Can we enable PAM support by default?  Patch attached.

I manage some desktop systems in a campus environment where people authenticate via AD and need PAM support in order to unlock their screens with their campus password.

I can build from source of course, but then if "pkg upgrade" installs a new version/revision, it will lose PAM support and people won't be able to unlock their screens.

I can do the commit myself with maintainer approval.