<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN"> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8"> <META NAME="GENERATOR" CONTENT="GtkHTML/3.32.2"> </HEAD> <BODY> On Fri, 2011-08-12 at 16:28 +0200, Matěj Cepl wrote: <BLOCKQUOTE TYPE=CITE> <PRE> Dne 12.8.2011 04:23, Gaetan Nadon napsal(a): > Thanks for your patience. I noticed that the log to audit will only work > if PAM is available. > When a user configures --with-libaudit but PAM is not installed, Linux > Audit won't work > and there is no way for the user to figure out why. I'll figure out an > additional check tomorrow > and post it. The configuration should abort if libaudit is requested > (=yes) but libpam is missing. Wouldn't libaudit fail anyway when -lpam is not present (from the previous test) in LIBS? Or is the problem missing explicit message for (very unlikely) situation when user requires libaudit but doesn't have PAM? </PRE> </BLOCKQUOTE> I found this out by testing. I did not have PAM installed. The statement <BLOCKQUOTE> <PRE> AC_CHECK_LIB(audit, audit_log_user_message ... </PRE> </BLOCKQUOTE> <PRE> emits the following configure test: </PRE> <BLOCKQUOTE> <PRE> cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h.  */ /* Override any GCC internal prototype to avoid an error.    Use char because int might match the return type of a GCC    builtin and then its argument prototype would still apply.  */ #ifdef __cplusplus extern "C" #endif char audit_log_user_message (); int main () { return audit_log_user_message ();   ;   return 0; } _ACEOF </PRE> </BLOCKQUOTE> <PRE> The pam library is not needed for the test to be successful. </PRE> None of the pam or libaudit are installed by defaults on My Debian based distro. PAM is not a prerequisite for libaudit either. An extra check with an appropriate message would be helpful. I'll propose something, testing is time consuming. <BLOCKQUOTE TYPE=CITE> <PRE> What do you think? Matěj </PRE> </BLOCKQUOTE> </BODY> </HTML>