Re: Solaris + OpenSSH + LDAP + PAM

From: Derek Harkness (dharknes_at_umd.umich.edu)
Date: 04/02/04

  • Next message: Darren Tucker: "Re: Solaris + OpenSSH + LDAP + PAM"
    Date: Thu, 1 Apr 2004 20:49:28 -0500
    To: Darren Tucker <dtucker@zip.com.au>
    
    

    Cool, thanks! So this is ultimately more of a client problem? Since the
    client should automatically select different authentication methods
    based on what the server says.

    Unfortunately getpwnam()/getspnam() don't return anything on my system
    since I'm using LDAP and I haven't given root the ability to retrieve
    password information. So PAM really is the only way to get that
    information.

    Thanks for all the help!
    Derek

    On Apr 1, 2004, at 8:35 PM, Darren Tucker wrote:

    > Derek Harkness wrote:
    >> I downgraded ssh to 3.4p1+patches and everything works fine.
    >> But it seems that 3.8 isn't passing the password information to pam
    >> correctly, at least on Solaris. I'll upgrade my Linux box to 3.8 and
    >> see if it has the same problem.
    >
    > PAM behaves differently starting at 3.7p1. In order to use PAM to
    > authenticate, you *must* use keyboard-interactive (sshv2) or TIS
    > Challenge-response (sshv1) for OpenSSH 3.7p1 and newer. Password
    > authentication will use getpwnam()/getspnam() and not PAM.
    >
    > --
    > Darren Tucker (dtucker at zip.com.au)
    > GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    > Good judgement comes with experience. Unfortunately, the experience
    > usually comes from bad judgement.
    >
    "This world is a comedy to those who think and a tragedy to those who
    feel."
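
The behaviour described in the quoted reply (OpenSSH 3.7p1 and newer reaching PAM only through keyboard-interactive, with password authentication using getpwnam()/getspnam()), as an added example that is not part of the original messages: a small audit of sshd_config text that reports which backend checks each SSHv2 method. The default values and both sample configurations are assumptions constructed for illustration.

```python
# Added example: models the OpenSSH 3.7p1/3.8 behaviour described in the thread.
# ASSUMED_DEFAULTS are assumptions for those releases, not values from the thread.
ASSUMED_DEFAULTS = {
    "usepam": "no",
    "challengeresponseauthentication": "yes",
    "passwordauthentication": "yes",
}

def parse_sshd_config(text):
    """Return effective settings; sshd keeps the first value seen per keyword."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            seen.setdefault(parts[0].lower(), parts[1].strip().lower())
    return {**ASSUMED_DEFAULTS, **seen}

def auth_backends(text):
    """Map each offered SSHv2 method to the backend that verifies the password."""
    cfg = parse_sshd_config(text)
    offered = {}
    if cfg["passwordauthentication"] == "yes":
        offered["password"] = "getpwnam()/getspnam()"
    if cfg["usepam"] == "yes" and cfg["challengeresponseauthentication"] == "yes":
        offered["keyboard-interactive"] = "PAM"
    return offered

def findings(text):
    """List configuration problems for accounts that only PAM (e.g. LDAP) can verify."""
    offered = auth_backends(text)
    if "keyboard-interactive" not in offered:
        return ["PAM is never consulted for authentication"]
    if "password" in offered:
        return ["'password' method is offered but does not go through PAM"]
    return []

# Constructed sample configurations (not from the thread).
SAMPLE_BROKEN = "UsePAM yes\nPasswordAuthentication yes\nChallengeResponseAuthentication no\n"
SAMPLE_FIXED = "# PAM only\nUsePAM yes\nPasswordAuthentication no\nChallengeResponseAuthentication yes\n"

if __name__ == "__main__":
    for name, conf in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(name, auth_backends(conf), findings(conf))
```
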

