Package: login-duo Version: 1.7-2.3 Severity: important
While backporting duo-unix to squeeze (for my use) I ran into the problem that due to a check in configure.ac (and thus configure) the DUO_PRIVSEP_USER is set to nobody instead of the expected "sshd" (which is also neede to use login_duo as a ForceCommand directive in sshd_config). This breaks login_duo's use as it will constantly complain that the user that is logging is does not have the permissions to read login_duo.conf. This is correct and is caused by the fact that the sshd-user does not exist in a fakeroot/pbuilder. The test in configure.ac checks this and if that user doesn't exist falls back to nobody which causes the problem above. I've contacted the developers in the hope they'll provide a switch to change this behaviour but in the meantime the Debian package should probably force the DUO_PRIVSEP_USER to "sshd" regardless in order for login_duo to function as expected and documented on the duosecurity website. -- System Information: Debian Release: 6.0.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/24 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=UTF-8 Shell: /bin/sh linked to /bin/dash Versions of packages login-duo depends on: ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libduo3 1.7-2.3 Duo Security library ii libpam0g 1.1.1-6.1 Pluggable Authentication Modules l ii libssl0.9.8 0.9.8o-4squeeze2 SSL shared libraries ii openssh-server 1:5.5p1-6 secure shell (SSH) server, for sec login-duo recommends no packages. login-duo suggests no packages. -- Configuration Files: /etc/security/login_duo.conf [Errno 13] Permission denied: u'/etc/security/login_duo.conf' -- debconf information excluded -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
