14-CURRENT | alternatives for defunct /usr/lib/pam_opie.so?

Reply: Ronald Klop : "Re: 14-CURRENT | alternatives for defunct /usr/lib/pam_opie.so?"
Reply: Dag-Erling_Smørgrav : "Re: 14-CURRENT | alternatives for defunct /usr/lib/pam_opie.so?"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Michael Grimm <trashcan_at_ellael.org>
Date: Mon, 07 Aug 2023 20:43:22 UTC

Hi,

I'm currently in the process to prepare for upcoming 14-STABLE. Thus, I upgraded one of my sytems from 13-STABLE to 14-CURRENT.

Everything went fine, except for programs that need /usr/lib/pam_opie.so which are:

1) jexec <jailname> /usr/bin/login -u <user>
2) redis-server
3) mariadb1011-server

Error messages:

	su[6371]: in openpam_load_module(): no pam_opie.so found
	su[6371]: pam_start: System error

Well, although it has been reported some time ago that pam_opie and pam_opieaccess.so will become removed in Freebsd 14, there is a port security/opie providing both libraries. Quick workaround.

But I want to understand why the above mentioned programs do fail although not dynamically linked against /usr/lib/pam_opie.so

MWN> ldd /usr/bin/login
	/usr/bin/login:
	libutil.so.9 => /lib/libutil.so.9 (0xd408ecf7000)
	libpam.so.6 => /usr/lib/libpam.so.6 (0xd408f6f2000)
	libbsm.so.3 => /usr/lib/libbsm.so.3 (0xd4090dab000)
	libc.so.7 => /lib/libc.so.7 (0xd408f99d000)
	[vdso] (0xd408e18f630)

MWN> ldd /usr/local/bin/redis-server
	/usr/local/bin/redis-server:
	libthr.so.3 => /lib/libthr.so.3 (0x89a8847f000)
	libm.so.5 => /lib/libm.so.5 (0x89a87beb000)
	libexecinfo.so.1 => /usr/lib/libexecinfo.so.1 (0x89a891c7000)
	libssl.so.30 => /usr/lib/libssl.so.30 (0x89a8a271000)
	libcrypto.so.30 => /lib/libcrypto.so.30 (0x89a8b02b000)
	libc.so.7 => /lib/libc.so.7 (0x89a8c7fe000)
	libelf.so.2 => /lib/libelf.so.2 (0x89a8949b000)
	libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x89a8bb85000)
	[vdso] (0x89a87323630)

MWN> ldd /usr/local/libexec/mariadbd
	/usr/local/libexec/mariadbd:
	libpcre2-8.so.0 => /usr/local/lib/libpcre2-8.so.0 (0x145ae576f000)
	libwrap.so.6 => /usr/lib/libwrap.so.6 (0x145ae64a5000)
	libcrypt.so.5 => /lib/libcrypt.so.5 (0x145ae74be000)
	libz.so.6 => /lib/libz.so.6 (0x145ae7d0b000)
	libm.so.5 => /lib/libm.so.5 (0x145ae8b3e000)
	libexecinfo.so.1 => /usr/lib/libexecinfo.so.1 (0x145ae6e03000)
	libssl.so.30 => /usr/lib/libssl.so.30 (0x145ae9575000)
	libcrypto.so.30 => /lib/libcrypto.so.30 (0x145aeafff000)
	libc++.so.1 => /lib/libc++.so.1 (0x145ae9e3b000)
	libcxxrt.so.1 => /lib/libcxxrt.so.1 (0x145aeaa85000)
	libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x145aec745000)
	libthr.so.3 => /lib/libthr.so.3 (0x145aebf10000)
	libc.so.7 => /lib/libc.so.7 (0x145aec7fa000)
	libelf.so.2 => /lib/libelf.so.2 (0x145aee867000)
	[vdso] (0x145ae5010630)

Which alternatives to pam_opie should I investigate?
Reason: I want to get rid of security/opie

Thanks and regards,
Michael