Tonight William Crowell reported me a problem with the current stable and testing sys-libs/pam (0.78). Basically pam_wheel.so seems to choke on big (but not that big) /etc/group file. Add another nail on the current version of Linux-PAM in portage, it’s time to think of a strategy to update it.
For the ones who didn’t follow the current story with PAM support in Gentoo, the version currently stable and testing is quite ancient, even Debian testing seems to have a more recent version now, as the current one is 0.99.6. When I decided to update it to a more recent version, I removed the RedHat patches (as I didn’t really want to mess that badly with PAM, being a security package, and not trusting RedHat patches that much anymore, cdparanoia is a good example of why I don’t like it), and then removed much of the old ebuild’s logic, that was written by Azarah and I didn’t really understand entirely. This removed the working pam_userdb module (berkdb useflag) and the pam_console module relied upon by gentopia devs.
After that, Martin did return, re-added berkdb support to PAM, and disappeared again, and the ebuild lingered back again, till I updated it one more time, and created sys-auth/pam_userdb to install that single module from inside the Linux-PAM source tree.
Now, I had to find a way to fix also the pam_console module, so while working on envelopes, getting hate mail for the XMMS masking, and feeling sorry for the unreality in which some people seems to live, I tried to make some space in my time schedule to work on it. Unfortunately RedHat does not seem to have a simple tarball of the pam_console module by itself, they patch it inside the pam package (sigh), and don’t release anything but a source rpm… the result is the current sys-auth/pam_console, that actually unpacks quite more sources than are needed. To simplify the build, I wrote a simple configure.ac script that only checks for the minimal stuff, and the builds it, it was not easy to rewrite the Makefile.am in a static Makefile.
Now I’ve opened a bug to ask for re-keywording of the new pam ebuilds, and in a couple of days you’ll have a new pam to update to, the ABI should still be the same.