FreeBSD needs the main sudo executable to link with -lpam when

loading dynaic pam modules for some reason.

diff --git a/configure b/configure
index e9b88a727a35e2146981ff80234bf5e1a69d6296..368da0c11287b16bcb744359c4f60f1d0dcd2cc0 100755 (executable)
--- a/configure
+++ b/configure
@@ -17057,9 +17057,17 @@ if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then
 fi
 
 if test ${with_pam-"no"} != "no"; then
-    # Note: we already link the main sudo program with -ldl as needed
+    # We already link with -ldl (see LIBDL below) so no need for that here.
     SUDOERS_LIBS="${SUDOERS_LIBS} -lpam"
 
+    # There should be no need to link the sudo front-end with PAM
+    # as all PAM calls happen via the sudoers plugin.
+    # Unfortunately, not doing so causes problems on FreeBSD at least.
+    case "$OS" in
+       freebsd)
+           LIBS="${LIBS} -lpam";;
+    esac
+
                     for ac_header in security/pam_appl.h pam/pam_appl.h
 do :
   as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`

diff --git a/configure.in b/configure.in
index e189b2edcab47f117884d716601d78e31b9803c6..3475f32001197b44ca6f55c9cb7337dbfe71d86c 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -2263,9 +2263,17 @@ dnl PAM support.  Systems that use PAM by default set with_pam=default
 dnl and we do the actual tests here.
 dnl
 if test ${with_pam-"no"} != "no"; then
-    # Note: we already link the main sudo program with -ldl as needed
+    # We already link with -ldl (see LIBDL below) so no need for that here.
     SUDOERS_LIBS="${SUDOERS_LIBS} -lpam"
 
+    # There should be no need to link the sudo front-end with PAM
+    # as all PAM calls happen via the sudoers plugin.
+    # Unfortunately, not doing so causes problems on FreeBSD at least.
+    case "$OS" in
+       freebsd)
+           LIBS="${LIBS} -lpam";;
+    esac
+
     dnl
     dnl Some PAM implementations (MacOS X for example) put the PAM headers
     dnl in /usr/include/pam instead of /usr/include/security...