[Bug 2622] New: PAM stack sometimes will not run during auth and this causes auths to fail
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Sat Oct 8 01:58:53 AEDT 2016
https://bugzilla.mindrot.org/show_bug.cgi?id=2622
Bug ID: 2622
Summary: PAM stack sometimes will not run during auth and this
causes auths to fail
Product: Portable OpenSSH
Version: 4.3p2
Hardware: ix86
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: PAM support
Assignee: unassigned-bugs at mindrot.org
Reporter: desaiar at umich.edu
Created attachment 2877
--> https://bugzilla.mindrot.org/attachment.cgi?id=2877&action=edit
Config Files and Debug Logs
I am running Centos 5 OpenSSH 4.3p2-82.0.2
This patch for the portable version has caused a bug where my PAM stack
is sometimes not being run. Attempting to connect about 70% of the time
will give me a failure, but occasionally I will see the password prompt
from pam_unix and be allowed to auth successfully.
Upgrading and downgrading between 4.3p2-82.0.1 and 4.3p2-82.0.2 has
shown me that the issue is connected to this patch in some way. In
4.3p2-82.0.1 I always get directed to perform PAM authentication and
can auth. I've attached the two new patch files for this version to
help debugging. Since I'm using challenge response authentication I
believe it is more related to the keyboard-interactive patch.
I've also included my sshd_config file. I believe the interesting
callouts are:
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePAM yes
I have included the relevant PAM stack files as well.
For debugging I've attached part of the client logs with -vvv and part
of the server logs with -ddd.
The logs seem to suggest that it knows to run the PAM stack but then
somewhere the connection does not succeed.
Please let me know if there is anything else I can do to help
troubleshoot this issue.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list