Re: 3.4p1 and PAM, no privsep, authentication fails
From: Nico Kadel-Garcia (nkadel@bellatlantic.net)Date: 07/06/02
- Next message: Nico Kadel-Garcia: "Re: RedHat Linux problem with SSH connection"
- Previous message: Nico Kadel-Garcia: "Re: Installing OpenSSH 3.4"
- In reply to: Michael J. Fromberger: "3.4p1 and PAM, no privsep, authentication fails"
- Next in thread: Luke Vogel: "Re: 3.4p1 and PAM, no privsep, authentication fails"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Nico Kadel-Garcia" <nkadel@bellatlantic.net> Date: Sat, 06 Jul 2002 03:14:35 GMT
"Michael J. Fromberger" <Michael.J.Fromberger@Clothing.Dartmouth.EDU> wrote
in message news:ag4u1b$rg9$1@merrimack.Dartmouth.EDU...
> Hello, all
>
> I've been browsing the SSH list archives and this newsgroup, and have
> not yet seen an answer to this problem, so I thought I'd bring it up
> specifically.
>
> I'm running a fully-patched RedHat 7.3 box, and built a copy of
> OpenSSH 3.4p1 from source. I made one minor source modification,
> namely, to remove the default enabling privilege separation
> (basically, a one line tweak to servconf.c).
>
> The daemon builds and executes fine, but when I start it up manually
> using the same sshd_config and PAM configuration files that my older
> daemon was using, I cannot log in. In particular, PAM password
> authentication is cited in the log as having failed. Since I'm using
> PAM to authenticate against an AFS/Kerberos server, rather than a
> local password file, I do not think the issue is related to the use of
> MD5 for password hashing. Furthermore, the log shows that it
> recognizes my login name properly, and creates the PAM session to do
> the authentication.
In your shoes, I would stay away from 3.4 until all the
PAM-S/Key-Kerberos-etc. is all hashed out and RedHat can do an RPM. If not,
instead of working from source tarballs, start with one of the RPM's: there
are often tweaks and command line options for the "configure" command that
are better suited to a default RedHat installation.
RedHat has released a 3.1p1 patched RPM: unless you really *want* to be one
of the pioneers who explores the envelope of getting things like
PAM/Kerberos/etc. working.
> Since I'm using the exact same sshd_config and PAM config files for my
> current installation of OpenSSH 3.2.3p1, I'm at a loss to explain what
> is going on. Before I attach a debugger and go stepping manually
> through everything, does anybody have any suggestions of what might be
> different about 3.4p1?
>
> Any help will be greatly appreciated.
>
> Cheers,
> -M
Try turning the Privilege Separation off and on manually, in case your patch
wasn't perfect?
- Next message: Nico Kadel-Garcia: "Re: RedHat Linux problem with SSH connection"
- Previous message: Nico Kadel-Garcia: "Re: Installing OpenSSH 3.4"
- In reply to: Michael J. Fromberger: "3.4p1 and PAM, no privsep, authentication fails"
- Next in thread: Luke Vogel: "Re: 3.4p1 and PAM, no privsep, authentication fails"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
