[Bug 2861] LDAP user with public key authentication showing AUTHSTATE=compat
bugzilla-daemon at bugzilla.mindrot.org
Wed May 2 19:34:53 AEST 2018
https://bugzilla.mindrot.org/show_bug.cgi?id=2861
--- Comment #2 from Mayank Sharma <mayasha9 at in.ibm.com> ---
Hi Darren,
Please find more details below -
1. I have made an AIX-LDAP server and client setup
2. Now I created an LDAP user using the below command
# mkuser -R LDAP ldapuser
# passwd -R LDAP ldapuser
3. Now I tried password-based authentication for this user and we get
the following environment variables set for this user.
$ ssh localhost
ldapuser@localhost's password:
Last unsuccessful login: Wed May 2 03:16:40 CDT 2018 on ssh from 127.0.0.1
Last login: Wed May 2 03:16:45 CDT 2018 on /dev/pts/3 from 127.0.0.1
.
.
.
$
$ env
...
AUTHSTATE=LDAP
...
$
4. Now I did the passwordless authentication setup using the below
commands -
# su ldapuser
# ssh-keygen
# cp /home/ldapuser/.ssh/id_rsa.pub /home/ldapuser/.ssh/authorized_keys
5. And tried to login.
$ ssh localhost
Last unsuccessful login: Wed May 2 03:16:40 CDT 2018 on ssh from 127.0.0.1
Last login: Wed May 2 03:16:45 CDT 2018 on /dev/pts/3 from 127.0.0.1
.
.
.
$
$ env
...
AUTHSTATE=compat
...
$
As we can see in step 3, we have AUTHSTATE set to LDAP, whereas in step
5, AUTHSTATE is set to compat. The expectation is that AUTHSTATE
should display LDAP irrespective of the authentication
method (passwordless or password-based).
Please let me know if you need additional information.
I will further attach sshd logs.