[Bug 1799] New: Unable to login through PAM on Solaris 8 x86 due to PAM_TTY
bugzilla-daemon at bugzilla.mindrot.org
Sat Jul 17 05:32:50 EST 2010
https://bugzilla.mindrot.org/show_bug.cgi?id=1799
Summary: Unable to login through PAM on Solaris 8 x86 due to PAM_TTY
Product: Portable OpenSSH
Version: 5.5p1
Platform: ix86
OS/Version: Solaris
Status: NEW
Severity: major
Priority: P2
Component: PAM support
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: kstemen at likewise.com
Created attachment 1899
--> https://bugzilla.mindrot.org/attachment.cgi?id=1899
test program that shows what kind of ttys are accepted
I downloaded openssh 5.5p1 for Solaris 8 x86 from Sunfreeware at
ftp://ftp.sunfreeware.com/pub/freeware/intel/8/openssh-5.5p1-sol8-x86-local.gz.
If I set the UsePAM setting to yes, then no user is able to log in. When
the server is running with debugging, the client shows:
$ ssh testuser@10.100.3.175
Password:
Last login: Fri Jul 16 19:17:14 2010 from kyle-vmserver.c
Sun Microsystems Inc. SunOS 5.8 Generic February 2000
debug3: PAM session not opened, exiting
Connection to 10.100.3.175 closed.
$
The error on the server is:
debug3: PAM: opening session
PAM: pam_open_session(): Can not make/remove entry for session
I have determined the problem is that pam_unix.so.1 does not like the
value of PAM_TTY. I see this in the source code:
#ifdef PAM_TTY_KLUDGE
	/*
	 * Some silly PAM modules (e.g. pam_time) require a TTY to operate.
	 * sshd doesn't set the tty until too late in the auth process and
	 * may not even set one (for tty-less connections)
	 */
	debug("PAM: setting PAM_TTY to \"ssh\"");
	sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, "ssh");
	if (sshpam_err != PAM_SUCCESS) {
		pam_end(sshpam_handle, sshpam_err);
		sshpam_handle = NULL;
		return (-1);
	}
#endif
I can tell that Sunfreeware did define PAM_TTY_KLUDGE, because I see
this in the server's debug output:
debug1: PAM: setting PAM_TTY to "ssh"
I wrote a test program to show that Solaris 8 does not like this value
(attached). Here is the output from the program:
bash-2.03# gcc -Wall -Werror -lpam try_tty.c -o try_tty
bash-2.03# ./try_tty
Trying without PAM_TTY set
opensession: Can not make/remove entry for session
Trying with PAM_TTY set to 'ssh'
opensession: Can not make/remove entry for session
Trying with PAM_TTY set to '/dev/ssh'
opensession: Success
bash-2.03# ls -l /dev/ssh
/dev/ssh: No such file or directory
bash-2.03# cat /etc/release
Solaris 8 2/02 s28x_u7wos_08a INTEL
Copyright 2002 Sun Microsystems, Inc. All Rights Reserved.
Assembled 18 December 2001
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
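
An added example, not part of the original report, its attachment, or OpenSSH's code: a helper that builds a "/dev/"-prefixed PAM_TTY string, which is the one form the reporter's test output shows pam_open_session() accepting. The names pam_tty_value, model_accepts and TTY_FALLBACK are hypothetical, and the acceptance rule in model_accepts is an assumption drawn only from the three results above.

```c
#include <stdio.h>
#include <string.h>

#define DEV_PREFIX   "/dev/"
#define TTY_FALLBACK "ssh"	/* hypothetical name used when there is no tty */

/*
 * Build the string to hand to pam_set_item(..., PAM_TTY, ...).
 * tty may be NULL or "" (tty-less connection), a bare name ("pts/3"),
 * or a full path ("/dev/pts/3"). Returns 0 on success, -1 if out is
 * too small, so a truncated device path is never passed to PAM.
 */
int
pam_tty_value(const char *tty, char *out, size_t outlen)
{
	int n;

	if (tty == NULL || *tty == '\0')
		tty = TTY_FALLBACK;
	if (strncmp(tty, DEV_PREFIX, strlen(DEV_PREFIX)) == 0)
		n = snprintf(out, outlen, "%s", tty);
	else
		n = snprintf(out, outlen, DEV_PREFIX "%s", tty);
	return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/*
 * Constructed model of the three results in the report: the session
 * opened only for the value starting with "/dev/". Assumption, not
 * Solaris code.
 */
int
model_accepts(const char *pam_tty)
{
	return pam_tty != NULL &&
	    strncmp(pam_tty, DEV_PREFIX, strlen(DEV_PREFIX)) == 0;
}

int
main(void)
{
	const char *in[] = { NULL, "ssh", "pts/3", "/dev/pts/3" };
	char buf[64];
	size_t i;

	for (i = 0; i < sizeof(in) / sizeof(in[0]); i++) {
		if (pam_tty_value(in[i], buf, sizeof(buf)) != 0)
			return 1;
		printf("%-12s -> %-12s %s\n", in[i] ? in[i] : "(none)", buf,
		    model_accepts(buf) ? "accepted" : "rejected");
	}
	return 0;
}
```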