security/pam_appl.h header in different location on some systems

[mistydemeo]

In auth-pam.c and pamdl.c in the auth-pam plugin, OpenVPN includes the security/pam_appl.h header unconditionally:

#include <security/pam_appl.h>

However, this header is installed in a different location on some older systems, pam/pam_appl.h. For example, Mac OS X 10.5 and older ships a compatible PAM in that location.

A search for the issue online suggests that other platforms look for this in the configure script, and conditionally include the appropriate header.

[plaisthos]

I am not sure if it worth supporting OS 10.5.x anymore. And the pam plugin is not used that often either. Tunnelblick, which still supports these old version is also compiled on 10.6.8

[Samuli Seppänen]

Are any other operating systems besides old MacOS X versions affected? If not, we should close this bug report.

Our policy is to support whatever OS versions the OS vendor supports, unless supporting a particular OS proves to be too tricky. This can be the case if the (old) OS in question is lacking some essential components that OpenVPN requires to build and/or run.

[Gert Döring]

Samuli, is there an easy way to check the config log for all buildslaves whether they are successfully building the plugin-auth-pam module? If yes, I think we can close this ticket - all supported platforms (besides MacOS) are tested on the buildslaves, and MacOS 10.6 and up work as well...

[Gert Döring]

Closing this. 10.5 is really, really old, and you really do not want to run an OpenVPN server on such an old and unpatched system ("take the hardware, put Linux or FreeBSD on it instead") - and testing and maintaining configure special rules comes with a given cost ("every change needs to be tested *everywhere* to see if something breaks") so the benefit has to be significant.