Yubico-pam needs to be updated for El Capitan's new filesystem restrictions

[pkutzner+macports@…]

OSX 10.11 (El Capitan) now denies write access to /System, /bin, /usr, and /sbin even to the root user, however /usr/local/* can still be written to by root. Currently yubico-pam is set to be configured to install to /usr/lib/pam. The configuration file needs to be changed so that '--with-pam-dir' in the configure.args section points to /usr/local/lib/pam instead of /usr/lib/pam.

Change:

configure.args  --with-pam-dir=/usr/lib/pam \

To:

configure.args  --with-pam-dir=/usr/local/lib/pam \

[mf2k (Frank Schima)]

In the future, please use WikiFormatting and Cc the port maintainers (port info --maintainers yubico-pam), if any.

As reporter, you do not need to Cc yourself.

[ryandesign (Ryan Carsten Schmidt)]

Replying to pkutzner+macports@…:

The configuration file needs to be changed so that '--with-pam-dir' in the configure.args section points to /usr/local/lib/pam instead of /usr/lib/pam.

/usr/local is not an acceptable location for any MacPorts port to install files. See wiki:FAQ#defaultprefix and wiki:FAQ#usrlocal.

Has duplicate #49070.

[neverpanic (Clemens Lang)]

yubico-pam updated to 2.20 and hopefully made compatible with El Cap in r140972. Can you try using /opt/local/lib/pam/pam_yubico.so in your PAM configuration? I hope it just uses dlopen(3) which should work with absolute paths…

I'm closing this for now, please re-open if using absolute paths to the library in the PAM configuration does not work; we'll need to think about a different solution then.