<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.32.2">
</HEAD>
<BODY>
On Fri, 2011-08-12 at 16:28 +0200, Matěj Cepl wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
Dne 12.8.2011 04:23, Gaetan Nadon napsal(a):
> Thanks for your patience. I noticed that the log to audit will only work
> if PAM is available.
> When a user configures --with-libaudit but PAM is not installed, Linux
> Audit won't work
> and there is no way for the user to figure out why. I'll figure out an
> additional check tomorrow
> and post it. The configuration should abort if libaudit is requested
> (=yes) but libpam is missing.
Wouldn't libaudit fail anyway when -lpam is not present (from the
previous test) in LIBS? Or is the problem missing explicit message for
(very unlikely) situation when user requires libaudit but doesn't have PAM?
</PRE>
</BLOCKQUOTE>
I found this out by testing. I did not have PAM installed. The statement
<BLOCKQUOTE>
<PRE>
AC_CHECK_LIB(audit, audit_log_user_message ...
</PRE>
</BLOCKQUOTE>
<PRE>
emits the following configure test:
</PRE>
<BLOCKQUOTE>
<PRE>
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char audit_log_user_message ();
int
main ()
{
return audit_log_user_message ();
;
return 0;
}
_ACEOF
</PRE>
</BLOCKQUOTE>
<PRE>
The pam library is not needed for the test to be successful.
</PRE>
<BR>
None of the pam or libaudit are installed by defaults on My Debian based distro. PAM is not a prerequisite for libaudit either. An extra check with an appropriate message would be helpful. I'll propose something, testing is time consuming.<BR>
<BR>
<BR>
<BLOCKQUOTE TYPE=CITE>
<PRE>
What do you think?
Matěj
</PRE>
</BLOCKQUOTE>
<BR>
</BODY>
</HTML>