Re: openssh-portable and s/key passwords
From: Peter Pentchev (roam@ringlet.net)
Date: 06/26/02
- Next message: Maxim Kozin: "Re: openssh-portable and s/key passwords"
- Previous message: Philip J. Koenig: "Binary upgrade available"
- In reply to: Maxim Kozin: "Re: openssh-portable and s/key passwords"
- Next in thread: Maxim Kozin: "Re: openssh-portable and s/key passwords"
- Reply: Maxim Kozin: "Re: openssh-portable and s/key passwords"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 26 Jun 2002 15:19:26 +0300 From: Peter Pentchev <roam@ringlet.net> To: Maxim Kozin <madmax@express.ru>
On Wed, Jun 26, 2002 at 04:09:49PM +0400, Maxim Kozin wrote:
> > I'm not sure if it's relevant to FreeBSD but debian advisory
> > http://www.debian.org/security/2002/dsa-134
> > says:
> >
> > * keyboard interactive authentication does not work with privilege seperation.
> > Most noticable for Debian users this breaks PAM modules which need a PAM conversation
> > function (like the OPIE module).
>
> Problem: setup openssh + pam(some self-write module)
> When I don't create full chroot enviromnet in /usr/local/empty,
> sshd -d -d -d fail in start_pam.
> All symbol in my_pam.so must be resolved on privsep step, because
> copy in chroot all need libs,/etc/pam.conf and /etc/passwd
> Now I can see, that pam started, make succefuly auth.
> BUt session disconected with diagnostic:
> debug3: monitor_read: checking request 24
> debug3: mm_send_keystate: Finished sending state
> monitor_read: unsupported request: 24
> debug1: Calling cleanup 0x806d98c(0x0)
>
> "Request type 24" is some about tty/pty ?
Could you try creating the tty* and possibly the pty* device nodes in
the chroot environment's /dev?
G'luck,
Peter
-- Peter Pentchev roam@ringlet.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 This sentence claims to be an Epimenides paradox, but it is lying.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- application/pgp-signature attachment: stored
- Next message: Maxim Kozin: "Re: openssh-portable and s/key passwords"
- Previous message: Philip J. Koenig: "Binary upgrade available"
- In reply to: Maxim Kozin: "Re: openssh-portable and s/key passwords"
- Next in thread: Maxim Kozin: "Re: openssh-portable and s/key passwords"
- Reply: Maxim Kozin: "Re: openssh-portable and s/key passwords"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
