[Bug 2861] LDAP user with public key authentication showing AUTHSTATE=compat

bugzilla-daemon at bugzilla.mindrot.org
Wed May 2 19:34:53 AEST 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2861

--- Comment #2 from Mayank Sharma <mayasha9 at in.ibm.com> ---
Hi Darren,

Please find more details below - 

1. I have made an AIX-LDAP server and client setup

2. Now I created an LDAP user using the below command
   # mkuser -R LDAP ldapuser
   # passwd -R LDAP ldapuser

3. Now I tried password-based authentication for this user and we get
the following environment variables set for this user.

$ ssh localhost
ldapuser at localhost's password:
Last unsuccessful login: Wed May  2 03:16:40 CDT 2018 on ssh from 127.0.0.1
Last login: Wed May  2 03:16:45 CDT 2018 on /dev/pts/3 from 127.0.0.1
.
.
.
$
$ env
...
AUTHSTATE=LDAP
...
$

4. Now I did the password-less authentication setup using the below
commands -
   # su ldapuser
   # ssh-keygen
   # cp /home/ldapuser/.ssh/id_rsa.pub /home/ldapuser/.ssh/authorized_keys

5. And tried to login. 

$ ssh localhost
Last unsuccessful login: Wed May  2 03:16:40 CDT 2018 on ssh from 127.0.0.1
Last login: Wed May  2 03:16:45 CDT 2018 on /dev/pts/3 from 127.0.0.1
.
.
.
$
$ env
...
AUTHSTATE=compat
...
$ 

As we can see in step 3, we have AUTHSTATE set to LDAP whereas in step
5, AUTHSTATE is set to compat. The expectation is that AUTHSTATE
should display LDAP irrespective of the authentication
method (password-less or password-based).

Please let me know if you need additional information.

I will further attach sshd logs.
