Volition

Holy authentication labyrinths, Batman!

For years, I have been getting messsages on the console of my FreeBSD servers like:

Oct 19 15:40:32 pacific /kernel: Oct 19 15:40:32 pacific sshd[41359]: unable to resolve symbol: pam_sm_chauthtok

Not only from sshd, but any application that had to perform some sort of authentication. Now, I knew the pam_chauthtok primitive is part of the PAM password facility and I had tried commenting out the facility completely, using pam_unix.so or pam_permit.so, searching Google and the FreeBSD mailing lists, to no avail.

But I've just fixed it!

Turns out that even though I'm using the new-ish, separate files in /etc/pam.d configuration style (rather than one big /etc/pam.conf file) the other service still gets consulted if a facility hasn't been specified for the service. I assume it is also consulted if the control flags for a service can allow it to fall through.

So commenting out the facility in the appropriate service files and other fixed it. I was skimming an introduction to PAM on FreeBSD when the idea occured to me.

Yay!

In other news, Operations Research II sucks.