On Mon, Feb 25, at 05:58 Dan Nicholson wrote:
> On Sun, Feb 24, 2008 at 10:40 PM, DJ Lucas <[EMAIL PROTECTED]> wrote:
> > Alexander E. Patrakov wrote:
> > > DJ Lucas wrote:
> > >> pam_xauth — PAM module to forward xauth keys between users
> > >
> > > Is it possible to compile it in such a way that it thinks that the
> > "xauth"
> > > command exists in the proper place, without actually installing X window
> > system?
> > > If this is the case, add the instructions and drop the dependency.
> > >
> >
> > Excellent idea! Thank you Alexander. Nothing here that requires it
> > other than configure itself, which can be bypassed:
> > =============================
> > case $pam_xauth_path in
> > [\\/]* | ?:[\\/]*)
> > ac_cv_path_pam_xauth_path="$pam_xauth_path" # Let the user override
> > the test with a path.
> > ;;
>
> In fact, there's a --with-xauth option, just like openssh has. Hmm, we
> don't mention that either.
>
To resume this old thread from last January.
========================================================================
Sshd in order to set up the authentication correctly, uses xauth,
but is looking for the xauth binary in (/usr/X11R6/bin), which obviously
is a problem for those who install X in /usr (the majority I guess).
As a result I was receiving errors, such "Can't open display" or
slowdowns.
I found 3 solutions.
a. The configure switch "--with-xauth=/usr/bin/xauth"
b. The following sed,
sed -i '/_PATH_XAUTH/s at X11R6/@@' pathnames.h
c. Specify the location of the xauth binary in sshd_config:
XAuthLocation /usr/bin/xauth
========================================================================
This is a problem *only* if you build openssh before Xorg, otherwise
openssh auto-detects the xauth corectly.
Here is the patch (attached) which is based in Dan's answer. [1]
Sounds good for everybody? Otherwise please leave comments.
http://linuxfromscratch.org/pipermail/blfs-dev/2007-January/016047.html
--
http://wiki.linuxfromscratch.org/blfs/wiki/Hacking
Index: server/major/openssh.xml
===================================================================
--- server/major/openssh.xml (revision 7193)
+++ server/major/openssh.xml (working copy)
@@ -109,7 +109,8 @@
<screen><userinput>sed -i 's@ -ldes@@' configure &&
./configure --prefix=/usr --sysconfdir=/etc/ssh --datadir=/usr/share/sshd \
--libexecdir=/usr/lib/openssh --with-md5-passwords \
- --with-privsep-path=/var/lib/sshd &&
+ --with-privsep-path=/var/lib/sshd \
+ --with-xauth=/usr/bin/xauth &&
make</userinput></screen>
<para>If you linked <application>tcp_wrappers</application> into the
@@ -183,6 +184,18 @@
<para><parameter>--with-pam</parameter>: This parameter enables
<application>Linux-PAM</application> support in the build.</para>
+ <para><parameter>--with-xauth=/usr/bin/xauth</parameter>: If
+ <application>Openssh</application> is installed before
+ <application>Xorg</application>, it hardcodes the path to
+ <command>xauth</command> in
+ <filename class='directory'>/usr/X11R6/bin/xauth<filename>.
+ Omit this switch if you build <application>Openssh</application> after
+ <application>Xorg</application>, or if you are going to install
+ <application>Xorg</application> into
+ <filename class='directory'>/usr/X11R6<filename>, or if you don't have the
+ intentions to use X11 forwarding.
+ </para>
+
</sect2>
<sect2 role="configuration">
--
http://linuxfromscratch.org/mailman/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
