[Bug 926] pam_session_close called as user or not at all

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sat Apr 12 22:11:02 EST 2008


https://bugzilla.mindrot.org/show_bug.cgi?id=926





--- Comment #35 from Jan Engelhardt <jengelh at gmx.de>  2008-04-12 22:10:57 ---
(from bug #926)
>> Modules do not seem to be able to do converse (in 5.0p1). pam_mount for
>> example is affected by this (ideally it would just grab the authtoken       
>> from the auth stage but sadly enough openssh destroys the pam context      
>> and instead starts a new one for session stage).                           
>
>That's a separate issue (see bug #688), however I think it only applies       
>for challenge-response type authentications.                                  
                                                                       
      >
>You can probably work around it by disabling                                    
>ChallengeResponseAuthentication in sshd_config or using password                
>authentication (as opposed to keyboard-interactive, with an OpenSSH             
>client that's "ssh -o preferredauthentications=password server").               

Unfortunately, that does not do it either. CRA is set to no,
PasswordAuthentication set to yes, no pubkey in ~/.ssh. According to
sshd -ddd, it's still conversation error.

pam_mount(pam_mount.c:518) error trying to retrieve authtok from auth
code
pam_mount(pam_mount.c:208) enter read_password
debug3: PAM: sshpam_store_conv called with 1 messages
pam_mount(pam_mount.c:176) conv->conv(...): Conversation error

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching someone on the CC list of the bug.
You are watching the reporter.


More information about the openssh-bugs mailing list