Re: Public key Authentication broken under HP-UX?

From: Ted Pardike (tpardike_at_utah.gov)
Date: 09/24/03

Next message: Darren Tucker: "Re: Public key Authentication broken under HP-UX?"

Previous message: Darren Tucker: "Re: Public key Authentication broken under HP-UX?"
Maybe in reply to: Ted Pardike: "Public key Authentication broken under HP-UX?"
Next in thread: Darren Tucker: "Re: Public key Authentication broken under HP-UX?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 24 Sep 2003 15:42:43 -0600
To: <dtucker@zip.com.au>

Darren,

I have had problems with previous releases not automatically
configuring with the defaults. So, I use the following to configure:
  SRC=/depot/software/openssh
  CCOPTS="-I /opt/sys_utils/include -L /opt/sys_utils/lib"
  export CCOPTS
  CFLAGS="+O3 +ESlit +Optrs_strongly_typed"
  export CFLAGS

  ./configure --prefix=/opt/openssh \
  --sysconfdir=/etc/ssh \
  --with-prngd-socket=/var/run/egd-pool \
  --with-ssl-dir=$SRC/openssl-0.9.7b \
  --with-zlib=$SRC/zlib-1.1.4 \
  --with-default-path=/usr/bin:/opt/openssh/bin \
  --with-tcp-wrappers \
  --with-pam \
  --without-privsep-user \
  --without-privsep-path

So, "--with-pam" was specified.

I saw the thread "SSHD 3.7.1p2 on HP-UX" on the openssh-unix-dev list.
Security issues aside, is it safe to presume that I should stay with
3.6.1p1 until the HP-UX (Trusted) issues get worked out?
Also, is it the PAM/HP-UX issues that are preventing public key
authentication above 3.6.1p1?

Thanks,
Ted

>>> Darren Tucker <dtucker@zip.com.au> 9/24/2003 3:00:51 PM >>>
Ted Pardike wrote:
>
> Darren,
>
> Thank-you for the reply.
>
> By the way, I tried 3.7.1p2 yesterday, and things are just getting
> worse (I think it may be a PAM issue).
> Messages found in syslog:
> sshd[985]: User tpardike not allowed because account is locked
> sshd[985]: input_userauth_request: illegal user tpardike

As it says in the release notes, UsePAM now defaults to "no", you
probably
need to put "UsePAM yes" into your sshd_config. Unfortunately, there
is a
problem with non-PAM authentication on Trusted Mode HP-UX, see:
http://bugzilla.mindrot.org/show_bug.cgi?id=633

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the
experience
usually comes from bad judgement.

Next message: Darren Tucker: "Re: Public key Authentication broken under HP-UX?"

Previous message: Darren Tucker: "Re: Public key Authentication broken under HP-UX?"
Maybe in reply to: Ted Pardike: "Public key Authentication broken under HP-UX?"
Next in thread: Darren Tucker: "Re: Public key Authentication broken under HP-UX?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]