[MacPorts] #49040: Yubico-pam needs to be updated for El Capitan's new filesystem restrictions
#49040: Yubico-pam needs to be updated for El Capitan's new filesystem restrictions ---------------------------------+-------------------------------- Reporter: pkutzner+macports@… | Owner: macports-tickets@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.3.3 Keywords: | Port: yubico-pam ---------------------------------+-------------------------------- OSX 10.11 (El Capitan) now denies write access to /System, /bin, /usr, and /sbin even to the root user, however /usr/local/* can still be written to by root. Currently yubico-pam is set to be configured to install to /usr/lib/pam. The configuration file needs to be changed so that '--with- pam-dir' in the configure.args section points to /usr/local/lib/pam instead of /usr/lib/pam. Change: configure.args --with-pam-dir=/usr/lib/pam \ To: configure.args --with-pam-dir=/usr/local/lib/pam \ -- Ticket URL: <https://trac.macports.org/ticket/49040> MacPorts <https://www.macports.org/> Ports system for OS X
#49040: Yubico-pam needs to be updated for El Capitan's new filesystem restrictions ----------------------------------+------------------- Reporter: pkutzner+macports@… | Owner: cal@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.3.3 Resolution: | Keywords: Port: yubico-pam | ----------------------------------+------------------- Changes (by mf2k@…): * cc: pkutzner+macports@… (removed) * owner: macports-tickets@… => cal@… Old description:
OSX 10.11 (El Capitan) now denies write access to /System, /bin, /usr, and /sbin even to the root user, however /usr/local/* can still be written to by root. Currently yubico-pam is set to be configured to install to /usr/lib/pam. The configuration file needs to be changed so that '--with-pam-dir' in the configure.args section points to /usr/local/lib/pam instead of /usr/lib/pam.
Change: configure.args --with-pam-dir=/usr/lib/pam \
To: configure.args --with-pam-dir=/usr/local/lib/pam \
New description: OSX 10.11 (El Capitan) now denies write access to /System, /bin, /usr, and /sbin even to the root user, however /usr/local/* can still be written to by root. Currently yubico-pam is set to be configured to install to /usr/lib/pam. The configuration file needs to be changed so that '--with- pam-dir' in the configure.args section points to /usr/local/lib/pam instead of /usr/lib/pam. Change: {{{ configure.args --with-pam-dir=/usr/lib/pam \ }}} To: {{{ configure.args --with-pam-dir=/usr/local/lib/pam \ }}} -- Comment: In the future, please use WikiFormatting and Cc the port maintainers ({{{port info --maintainers yubico-pam}}}), if any. As reporter, you do not need to Cc yourself. -- Ticket URL: <https://trac.macports.org/ticket/49040#comment:1> MacPorts <https://www.macports.org/> Ports system for OS X
#49040: Yubico-pam needs to be updated for El Capitan's new filesystem restrictions ----------------------------------+----------------------- Reporter: pkutzner+macports@… | Owner: cal@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.3.3 Resolution: | Keywords: elcapitan Port: yubico-pam | ----------------------------------+----------------------- Changes (by ryandesign@…): * cc: skyraven_10@… (added) * keywords: => elcapitan Comment: Replying to [ticket:49040 pkutzner+macports@…]:
The configuration file needs to be changed so that '--with-pam-dir' in the configure.args section points to /usr/local/lib/pam instead of /usr/lib/pam.
/usr/local is not an acceptable location for any MacPorts port to install files. See wiki:FAQ#defaultprefix and wiki:FAQ#usrlocal. Has duplicate #49070. -- Ticket URL: <https://trac.macports.org/ticket/49040#comment:2> MacPorts <https://www.macports.org/> Ports system for OS X
#49040: Yubico-pam needs to be updated for El Capitan's new filesystem restrictions ----------------------------------+----------------------- Reporter: pkutzner+macports@… | Owner: cal@… Type: defect | Status: closed Priority: Normal | Milestone: Component: ports | Version: 2.3.3 Resolution: fixed | Keywords: elcapitan Port: yubico-pam | ----------------------------------+----------------------- Changes (by cal@…): * status: new => closed * resolution: => fixed Comment: yubico-pam updated to 2.20 and hopefully made compatible with El Cap in r140972. Can you try using `/opt/local/lib/pam/pam_yubico.so` in your PAM configuration? I hope it just uses `dlopen(3)` which should work with absolute paths… I'm closing this for now, please re-open if using absolute paths to the library in the PAM configuration does not work; we'll need to think about a different solution then. -- Ticket URL: <https://trac.macports.org/ticket/49040#comment:3> MacPorts <https://www.macports.org/> Ports system for OS X
participants (1)
-
MacPorts