Opened 8 years ago

Closed 8 years ago

#49040 closed defect (fixed)

Yubico-pam needs to be updated for El Capitan's new filesystem restrictions

Reported by: pkutzner+macports@… Owned by: neverpanic (Clemens Lang)
Priority: Normal Milestone:
Component: ports Version: 2.3.3
Keywords: elcapitan Cc: skyraven_10@…
Port: yubico-pam

Description (last modified by mf2k (Frank Schima))

OSX 10.11 (El Capitan) now denies write access to /System, /bin, /usr, and /sbin even to the root user, however /usr/local/* can still be written to by root. Currently yubico-pam is set to be configured to install to /usr/lib/pam. The configuration file needs to be changed so that '--with-pam-dir' in the configure.args section points to /usr/local/lib/pam instead of /usr/lib/pam.

Change:

configure.args  --with-pam-dir=/usr/lib/pam \

To:

configure.args  --with-pam-dir=/usr/local/lib/pam \

Change History (3)

comment:1 Changed 8 years ago by mf2k (Frank Schima)

Cc: pkutzner+macports@… removed
Description: modified (diff)
Owner: changed from macports-tickets@… to cal@…

In the future, please use WikiFormatting and Cc the port maintainers (port info --maintainers yubico-pam), if any.

As reporter, you do not need to Cc yourself.

comment:2 in reply to:  description Changed 8 years ago by ryandesign (Ryan Carsten Schmidt)

Cc: skyraven_10@… added
Keywords: elcapitan added

Replying to pkutzner+macports@…:

The configuration file needs to be changed so that '--with-pam-dir' in the configure.args section points to /usr/local/lib/pam instead of /usr/lib/pam.

/usr/local is not an acceptable location for any MacPorts port to install files. See wiki:FAQ#defaultprefix and wiki:FAQ#usrlocal.

Has duplicate #49070.

comment:3 Changed 8 years ago by neverpanic (Clemens Lang)

Resolution: fixed
Status: newclosed

yubico-pam updated to 2.20 and hopefully made compatible with El Cap in r140972. Can you try using /opt/local/lib/pam/pam_yubico.so in your PAM configuration? I hope it just uses dlopen(3) which should work with absolute paths…

I'm closing this for now, please re-open if using absolute paths to the library in the PAM configuration does not work; we'll need to think about a different solution then.

Note: See TracTickets for help on using tickets.