Opened 11 years ago

Closed 9 years ago

#326 closed Bug / Defect (wontfix)

security/pam_appl.h header in different location on some systems

Reported by: mistydemeo Owned by:
Priority: trivial Milestone:
Component: plug-ins / plug-in API Version: OpenVPN 2.2.2 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:


In auth-pam.c and pamdl.c in the auth-pam plugin, OpenVPN includes the security/pam_appl.h header unconditionally:

#include <security/pam_appl.h>

However, this header is installed in a different location on some older systems, pam/pam_appl.h. For example, Mac OS X 10.5 and older ships a compatible PAM in that location.

A search for the issue online suggests that other platforms look for this in the configure script, and conditionally include the appropriate header.

Change History (4)

comment:1 Changed 11 years ago by plaisthos

I am not sure if it worth supporting OS 10.5.x anymore. And the pam plugin is not used that often either. Tunnelblick, which still supports these old version is also compiled on 10.6.8

comment:2 Changed 11 years ago by Samuli Seppänen

Priority: majortrivial

Are any other operating systems besides old MacOS X versions affected? If not, we should close this bug report.

Our policy is to support whatever OS versions the OS vendor supports, unless supporting a particular OS proves to be too tricky. This can be the case if the (old) OS in question is lacking some essential components that OpenVPN requires to build and/or run.

comment:3 Changed 10 years ago by Gert Döring

Samuli, is there an easy way to check the config log for all buildslaves whether they are successfully building the plugin-auth-pam module? If yes, I think we can close this ticket - all supported platforms (besides MacOS) are tested on the buildslaves, and MacOS 10.6 and up work as well...

comment:4 Changed 9 years ago by Gert Döring

Resolution: wontfix
Status: newclosed

Closing this. 10.5 is really, really old, and you really do not want to run an OpenVPN server on such an old and unpatched system ("take the hardware, put Linux or FreeBSD on it instead") - and testing and maintaining configure special rules comes with a given cost ("every change needs to be tested *everywhere* to see if something breaks") so the benefit has to be significant.

Note: See TracTickets for help on using tickets.