Login prompt changed in 9.3

[Maelstorm]

Hello,

I have recently upgraded my FreeBSD machine from 9.1 to 9.3. Since then, I have noticed something strange. When I connect to the machine through the network, I get the usual login: prompt, but after I enter my username, I get a strange password prompt.

FreeBSD/i386 (strata.somedomain.org) (pts/0)

login: userid
Password for userid@strata.somedomain.org:

It didn't do this before. Before I just got a naked password prompt. So, what do I need to do to change it back?

 

[Maelstorm]

After a lot of research and digging through the source, it looks like the modified password prompt is coming from PAM. I found this thread on the forums.

EDIT:

After some more research and more digging through the source, I figured out what the problem was. Because I'm accessing the machine through telnet, it is using the login program to authenticate. However, I couldn't get the correct password prompt to come up. Turns out that pam_self.so does not contain the function pam_get_authtok. This is why it was not recognizing the option authtok_prompt. So, when I changed the module from pam_self.so to pam_unix.so, it started working like it should.

Perhaps someone who is more knowledgeable with PAM can explain the significance as to why pam_self.so was being used for the login profile instead of pam_unix.so. From what I can see, the telnetd profile does use the pam_unix.so module. So at this point I am at a loss as to why pam_self.so was specified.

 

[junovitch@]

All I can offer is to take a look at the release notes.

https://www.freebsd.org/releases/9.3R/announce.html

OpenPAM has been updated to Nummularia (20130907).

I would start with looking at what has changed in the updated version.

 

[ta0kira]

Perhaps someone who is more knowledgeable with PAM can explain the significance as to why pam_self.so was being used for the login profile instead of pam_unix.so. From what I can see, the telnetd profile does use the pam_unix.so module. So at this point I am at a loss as to why pam_self.so was specified.

pam_unix.so is used in both cases, because /etc/pam.d/system is included by /etc/pam.d/login. Just add authtok_prompt in /etc/pam.d/system. I always comment out pam_self.so, however. As far as the change in default prompt, here is where it happened.

Kevin Barry

 

[Maelstorm]

pam_unix.so is used in both cases, because /etc/pam.d/system is included by /etc/pam.d/login. Just add authtok_prompt in /etc/pam.d/system. I always comment out pam_self.so, however. As far as the change in default prompt, here is where it happened.

Based on the code that I saw, I kinda gathered that's what happened. As for the changes to login, I reverted them back to the way that I found it using pam_self.so. I noticed that a profile was being included called system. So I looked at the system profile and I saw that there was a pam_unix.so there so I added the option to that line. Now everything seems to work just fine. Looking through the other profiles, the entries in them seem to be redundant since they all seem to have the same module chain as the system profile. Was this an oversight or was it by design?

All I can offer is to take a look at the release notes.

https://www.freebsd.org/releases/9.3R/announce.html

OpenPAM has been updated to Nummularia (20130907).

I would start with looking at what has changed in the updated version.

I am by no means an expert in PAM. Therefore, I defer to those who are more knowledgeable than me. My apologies for all these questions. This is the first time since I started using FreeBSD back in 1999 (FreeBSD 3.2) or so that I even messed with PAM because I never had a need to before.