ThomasHabets
commented
4 years ago Did you try recompiling?
Tried adding debug to the PAM config?
Open cwren opened 4 years ago
ThomasHabets
commented
4 years ago Did you try recompiling?
Tried adding debug to the PAM config?
cwren
commented
4 years ago I did recompile from head. I had to also crank up the debug level in asl.conf to finally see: sshd in openpam_load_module(): no pam_google_authenticator.so found
Specifying the full path to the .so in pam.d/sshd did the trick. I don't remember having to do that before.
ThomasHabets
commented
4 years ago By "did the trick" you mean everything now works?
Interesting. I guess Mac changed the search path for modules. I don't have a Mac, but I assume there's something like strace that would reveal the paths used?
cwren
commented
4 years ago yes sorry: it works now. I can't find any documentation about the search path, and /usr/lib/pam is now mounted readonly on catalina. I guess if I was going to lock down the pam module directory by making it read only I would not also include a read-write directory in the search path. I'll keep poking, but my guess is that is the directory and the thing to do is include the full path in the config file.
Mar 11 16:55:18 inguz com.apple.xpc.launchd[1] (com.openssh.sshd.---]): Service exited with abnormal code: 255
I can't find any other logs. The update from 10.14 removed authenticator from pam.d/sshd. When I put it back, it causes sshd to crash. I pulled master from github and recompiled: no change.
any ideas? where can I get more detailed logs?
examples/demo runs fine