[Bug 936] S/Key authentication fails if UsePAM=no
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Sep 28 16:21:55 EST 2004
http://bugzilla.mindrot.org/show_bug.cgi?id=936
Summary: S/Key authentication fails if UsePAM=no
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: ulm at kph.uni-mainz.de
sshd of openssh-3.9_p1 behaves differently if PAM is switched off
either during compile time (see "A" below) or via configuration file
(see "B" below). Login via S/Key challenge-response authentication
succeeds in case A, but fails in case B.
Steps to Reproduce (case A):
1. Compile and install sshd with configuration "A" (see below)
2. Install sshd_config (see below)
3. ssh from remote machine
Actual Results (case A):
$ ssh user at host
otp-md5 89 foo1234567
S/Key Password:
[... login succeeds, as expected]
Steps to Reproduce (case B):
1. Compile and install sshd with configuration "B"
2. Install sshd_config
3. ssh from remote machine
Actual Results (case B):
[No password prompt appears and login is immediately refused:]
$ ssh user at host
Permission denied (publickey,keyboard-interactive).
$
Expected Results:
The behaviour of sshd should be identical in cases A and B
(and should be as in case A).
Configuration (case A):
$ ./configure --prefix=/usr --host=i686-pc-linux-gnu --mandir=/usr/share/man
--infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc
--localstatedir=/var/lib --sysconfdir=/etc/ssh --libexecdir=/usr/lib/misc
--datadir=/usr/share/openssh --disable-suid-ssh
--with-privsep-path=/var/empty --with-privsep-user=sshd --with-md5-passwords
--without-kerberos5 --with-tcp-wrappers --with-skey --without-opensc
--with-ipv4-default --without-pam
Configuration (case B):
as in case A, but last option replaced by "--with-pam"
/etc/ssh/sshd_config (identical for both cases; contains only 3 lines):
Protocol 2
PasswordAuthentication no
UsePAM no
I have also reported this as Gentoo bug:
<http://bugs.gentoo.org/show_bug.cgi?id=65343>
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list