Re: OpenSSH ignores PAM?

• Previous message: Darren Tucker: "Re: RBACs and SSH"
• In reply to: Florian Effenberger: "OpenSSH ignores PAM?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 17 Oct 2003 22:10:21 -0400
To: Florian Effenberger <floeff@arcor.de>

I believe you need something like this in your sshd_config:

PasswordAuthentication no
UsePAM yes

But, keep in mind that the new ssh requries TIS or Keyboard Interactive mode.

Read this thread: http://marc.theaimsgroup.com/?l=secure-shell&m=106562915009932&w=2

-Ryan

On Thu, Oct 16, 2003 at 10:23:44PM +0200, Florian Effenberger wrote:
> Hi there,
>
> Seems I have trouble to get OpenSSH to use PAM...
>
> I compiled the most recent version using
> ./configure --with-pam --with-md5-passwords
>
> My /etc/pam.d/sshd (on Debian) reads
> #%PAM-1.0
> auth required /lib/security/pam_unix.so shadow nodelay debug
> auth required /lib/security/pam_nologin.so debug
> account required /lib/security/pam_unix.so debug
> password required /lib/security/pam_cracklib.so debug
> password required /lib/security/pam_unix.so shadow nullok use_authtok
> debug
> session required /lib/security/pam_unix.so debug
> session required /lib/security/pam_limits.so debug
> session required pam_chroot.so debug
>
> The items in sshd_conf read
> Protocol 2
> UseLogin no
> UsePrivilegeSeparation no
> Subsystem sftp /usr/local/libexec/sftp-server
> AllowTcpForwarding no
>
> However, /var/log/auth.log has no entries, even though I set "debug". When I
> have "UseLogin yes" and add some debug in the appropriate PAM file, I get
> output in auth.log
>
> Could it be that my OpenSSH does not use PAM? Compiliation went okay, and
> ./configure told me PAM would be used... :-(
>
> Thanks
> Florian
>

• Previous message: Darren Tucker: "Re: RBACs and SSH"
• In reply to: Florian Effenberger: "OpenSSH ignores PAM?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]