Usermin on macOS login works only when checking pam_authenticate() is turned off

[gilcel]

I finally found out how to login with Usermin on macOS.
Tested usermin 1.791 on macOS 10.14.6, perl 5.28 with Authen::PAM 0.16 from macports.org

By modifying "miniserv.pl" by commenting out the the $pamh->pam_authenticate(); at line 145, works!

# check if the PAM authentication can be used by opening a
# PAM handle
...
$pam_username = "test";
$pam_password = "test";
			
#$pamh->pam_authenticate();  # <========= Login WORKS when not used
$use_pam = 1; # HACK set "use_pam to true" on macOS to allow login

Then the "validate_unix_user" subroutine is called, and login works.

If you don't comment out the line (testing $pamh->pam_authenticate() ) then the login will spin forever (tried on Firefox 72 and Safari).

Here's my /etc/pam.d/usermin which works on macOS:

# login: auth account password session
auth	  sufficient	pam_opendirectory.so try_first_pass
auth	  required	pam_deny.so
account	 required		pam_permit.so
password required	pam_deny.so
session	required		pam_permit.so

Anyone had this issue on Linux ?

[jcameron]

I haven't seen this on Linux, sorry.

You can also turn off PAM by adding the line no_pam=1 to /etc/usermin/miniserv.conf

[gilcel]

Thanks for this, but if turning off PAM as you mentioned, login on macOS won't work, since it will then try to retrieve user's password with the command (from /etc/usermin/miniserv.conf):

passwd_file=nidump passwd . |

This is an old and incompatible command, replaced with dsexport since Mac OS X 10.5.

I will try to find a solution and hopefully make a pull request if you don't mind.