Re: Solaris + OpenSSH + LDAP + PAM
From: Derek Harkness (dharknes_at_umd.umich.edu)
Date: Thu, 1 Apr 2004 20:49:28 -0500
To: Darren Tucker <firstname.lastname@example.org>
Cool, thanks! So this is ultimately more of a client problem? Since the
client should automatically select different authentication methods
based on what the server says.
Unfortunately getpwnam()/getspnam() don't return anything on my system
since I'm using LDAP and I haven't given root the ability to retrieve
password information. So PAM really is the only way to get that
Thanks for all the help!
On Apr 1, 2004, at 8:35 PM, Darren Tucker wrote:
> Derek Harkness wrote:
>> I downgraded ssh to 3.4p1+patches and everything works fine.
>> But it seems that 3.8 isn't passing the password information to pam
>> correctly, at least on Solaris. I'll upgrade my Linux box to 3.8 and
>> see if it has the same problem.
> PAM behaves differently starting at 3.7p1. In order to use PAM to
> authenticate, you *must* use keyboard-interactive (sshv2) or TIS
> Challenge-response (sshv1) for OpenSSH 3.7p1 and newer. Password
> authentication will use getpwnam()/getspnam() and not PAM.
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
> Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
"This world is a comedy to those who think and a tragedy to those who
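
Added example, not part of either message and not OpenSSH code: a small checker that reads sshd_config text and reports which backend each SSHv2 method reaches under the 3.7p1+ behaviour described in the quoted reply. The function names, the "not-pam" label, the sample configs and the defaults used when a keyword is absent are assumptions made for this example.

```python
# Added example: which backend checks the secret for each SSHv2 method,
# following the OpenSSH 3.7p1+ behaviour described in the thread.
DEFAULTS = {  # assumed values when a keyword is absent from sshd_config
    "usepam": "no",
    "challengeresponseauthentication": "yes",
    "passwordauthentication": "yes",
}

def parse_sshd_config(text):
    """Return {keyword: value}; keywords are case-insensitive, first one wins."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) == 2:
            opts.setdefault(parts[0].lower(), parts[1].strip().lower())
    return opts

def auth_backends(text):
    """Map each SSHv2 user-auth method to the backend that checks the secret."""
    opts = {**DEFAULTS, **parse_sshd_config(text)}
    on = lambda key: opts[key] == "yes"
    if not on("challengeresponseauthentication"):
        kbdint = "disabled"
    elif on("usepam"):
        kbdint = "pam"
    else:
        kbdint = "not-pam"  # left to whatever other challenge devices are built in
    # Per the thread: password auth goes to getpwnam()/getspnam(), not PAM.
    password = "getpwnam/getspnam" if on("passwordauthentication") else "disabled"
    return {"keyboard-interactive": kbdint, "password": password}

def secret_login_reaches_pam(text):
    """True if an enabled method hands the secret to PAM (needed for LDAP-only accounts)."""
    return "pam" in auth_backends(text).values()

# Constructed sample configs (not taken from the thread).
BROKEN = "UsePAM yes\nChallengeResponseAuthentication no\nPasswordAuthentication yes\n"
FIXED = "usepam yes\nChallengeResponseAuthentication yes\n"

if __name__ == "__main__":
    for name, cfg in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, auth_backends(cfg), secret_login_reaches_pam(cfg))
```

With BROKEN, the only enabled secret-based method is password, which never reaches PAM, so accounts whose hashes are visible only through PAM/LDAP cannot log in, matching the failure reported above.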