Re: UsePAM no

• Previous message: Olivier PONSINET: "RE: SSH1 Client SDK for Windows ?"
• Maybe in reply to: Benny Helms: "UsePAM no"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Ryan A. Krenzischek" <krenzischek@Encompasserve.org>
Date: Thu, 25 Sep 2003 09:15:58 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 25 September 2003 08:02, Ryan A. Krenzischek wrote:
> The version of OpenSSH you were using was not built with
> PAM so when sshd started up it displayed an error.
>
> Ryan

Hi Ryan,

When I read your message above, I hoped that was the case. In fact, as soon as I read your message, I thought "D'oh! Of course!"

So I quickly compiled a new sshd version 3.6p1 (no particular reason for the version; just didn't want the latest), with the following configure:
   ./configure --with-pam --with-xauth=/usr/X11R6/bin/xauth --with-ssl-dir=/usr/local/ssl

Then I slipped "UsePAM no" into the /usr/local/etc/sshd_config file, and ran './sshd -t' from within the compilation folder, with the following result:
   /usr/local/etc/sshd_config: line 92: Bad configuration option: UsePAM
   /usr/local/etc/sshd_config: terminating, 1 bad configuration options

So I changed the line to read "UsePam no" and tried './sshd -t' from within the compilation folder again, with the following result:
   /usr/local/etc/sshd_config: line 92: Bad configuration option: UsePam
   /usr/local/etc/sshd_config: terminating, 1 bad configuration options

Then, as I was writing the section above, I began to wonder if it was version 3.6p1 that wasn't happy with "UsePAM no", so I compiled version 3.7.1p1 (since that was the version they were telling us to "UsePam no" on) using the same configure command. That newly compiled sshd version 3.7.1p1 did NOT complain about UsePAM or about UsePam.

So it would appear that the "UsePAM no" / "UsePam no" issue is caused by 2 things:
  1. The OpenSSH seems to need to be newer than 3.6p1
  2. You must compile the OpenSSH with --with-pam in order for "UsePAM no" to even make sense to sshd

So it seems that you were very much correct, Ryan! Good call!

It also appears that since all of us are installing later versions that 3.6p1, if we are getting the "Bad configuration option: UsePam" message when we run 'sshd -t', it just means pam was not compiled into our versions anyway, so this latest problem doesn't affect us. So all is well. :-)

Thanks again, Ryan!

Benny

- --

Geek by nature, Linux by choice

L I N U X .~.
The Choice /V\
 of a GNU /( )\
Generation ^^-^^

Registered Linux User #287649
Register today at http://counter.li.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/cwau2XENpux7us8RAiUHAJ0blmPEeMXFuzg7iWGitixpqdZqQQCggdWZ
9JkzD/hGSmPvwplrVetCu5s=
=GHB0
-----END PGP SIGNATURE-----

• Previous message: Olivier PONSINET: "RE: SSH1 Client SDK for Windows ?"
• Maybe in reply to: Benny Helms: "UsePAM no"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]