
I am trying to use PAM to authenticate OpenVPN against 2FA (not important info). Here is my PAM configuration:

account required        pam_permit.so
auth    required        pam_google_authenticator.so secret=/etc/openvpn/google-authenticator/${USER} user=root forward_pass nullok debug authtok_prompt=pin

I have an issue in the first line (or wherever I put it). Using the line as shown causes the PAM configuration to break for some reason I don't understand:

/var/log/auth.log:

: No such file or directoryrary /lib/security/pam_permit.so PAM unable to dlopen(/lib/security/pam_permit.so
2022-01-06 23:02:53 err openvpn(pam_google_authenticato[9]: PAM adding faulty module: /lib/security/pam_permit.so

However, adding ANYTHING at the end of that line (even a space or any dummy text) causes my PAM configuration to work perfectly! So in other words having this account required pam_permit.so (notice the space at the end), or this account required pam_permit.so DUMMY works!

I don't understand what the reason is. Could anyone help me understand what the issue is here?

I am in a Docker container (alpine image).

One other strange behavior I observed: putting nullok, or debug flags at the end of the second line causes the configuration to become invalid, but putting them in the middle fixes the issue. What is going on? T

Mohammed Noureldin

1 Answer


Well, it turned out that the issue for both strange behaviors was the CRLF characters.

As soon as I used LF everything started working as expected.

Mohammed Noureldin
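
An added example, not part of the original answer: a POSIX shell check for the CRLF problem the answer identifies. It reports which word on each line has the carriage return attached and writes an LF-only copy. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): locate and strip CR line endings
# in a PAM service file. File names below are constructed for the demo.
CR=$(printf '\r')

# Print "lineno:token" for each line that ends in CR. "token" is the last
# whitespace-delimited word on the line, i.e. the word the CR is glued to
# (a module path, or an option such as nullok). It is empty when whitespace
# precedes the CR, as in the question's trailing-space workaround.
find_cr_lines() {
    awk 'substr($0, length($0)) == "\r" {
             last = substr($0, 1, length($0) - 1)
             sub(/^.*[ \t]/, "", last)
             printf "%d:%s\n", FNR, last
         }' "$1"
}

# Succeed only if no line in the file ends in CR.
is_lf_only() {
    [ -z "$(find_cr_lines "$1")" ]
}

# Write an LF-only copy of file $1 to $2, leaving the original untouched.
strip_cr() {
    sed "s/${CR}\$//" "$1" > "$2"
}

# Demo on a constructed file modelled on the question's config (CRLF endings).
demo() {
    dir=$(mktemp -d)
    printf 'account required pam_permit.so\r\n' > "$dir/openvpn"
    printf 'auth required pam_google_authenticator.so forward_pass nullok\r\n' >> "$dir/openvpn"
    echo "Lines ending in CR (lineno:affected token):"
    find_cr_lines "$dir/openvpn"
    strip_cr "$dir/openvpn" "$dir/openvpn.lf"
    if is_lf_only "$dir/openvpn.lf"; then echo "openvpn.lf: LF only"; fi
    rm -rf "$dir"
}
demo
```

Running `find_cr_lines` against files copied into an image from a Windows checkout shows at a glance whether a module path or an option is the word affected.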