[Bug 936] S/Key authentication fails if UsePAM=no

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Sep 28 16:21:55 EST 2004 

http://bugzilla.mindrot.org/show_bug.cgi?id=936

           Summary: S/Key authentication fails if UsePAM=no
           Product: Portable OpenSSH
           Version: -current
          Platform: ix86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: ulm at kph.uni-mainz.de


sshd of openssh-3.9_p1 behaves differently if PAM is switched off
either during compile time (see "A" below) or via configuration file
(see "B" below). Login via S/Key challenge-response authentication
succeeds in case A, but fails in case B.

Steps to Reproduce (case A):
1. Compile and install sshd with configuration "A" (see below)
2. Install sshd_config (see below)
3. ssh from remote machine

Actual Results (case A):
   $ ssh user at host
   otp-md5 89 foo1234567
   S/Key Password: 
   [... login succeeds, as expected]

Steps to Reproduce (case B):
1. Compile and install sshd with configuration "B"
2. Install sshd_config
3. ssh from remote machine

Actual Results (case B):
   [No password prompt appears and login is immediately refused:]
   $ ssh user at host
   Permission denied (publickey,keyboard-interactive).
   $ 

Expected Results:
The behaviour of sshd should be identical in cases A and B
(and should be as in case A).

Configuration (case A):
  $ ./configure --prefix=/usr --host=i686-pc-linux-gnu --mandir=/usr/share/man
  --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc
  --localstatedir=/var/lib --sysconfdir=/etc/ssh --libexecdir=/usr/lib/misc
  --datadir=/usr/share/openssh --disable-suid-ssh
  --with-privsep-path=/var/empty --with-privsep-user=sshd --with-md5-passwords
  --without-kerberos5 --with-tcp-wrappers --with-skey --without-opensc
  --with-ipv4-default --without-pam

Configuration (case B):
  as in case A, but last option replaced by "--with-pam"

/etc/ssh/sshd_config (identical for both cases; contains only 3 lines):
  Protocol 2
  PasswordAuthentication no
  UsePAM no

I have also reported this as Gentoo bug:
<http://bugs.gentoo.org/show_bug.cgi?id=65343>



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the openssh-bugs mailing list