[Fwd: Serious Bug Report: OpenSSH]

Chris Saia csaia at wtower.com
Thu Dec 2 12:00:44 EST 1999

Damien Miller <damien at ibs.com.au> writes:

(actually, Adrian Baugh wrote, via Damien's forward)

> I'm using a RH6.1 system and have tried both the default sshd PAM file and
> adding md5 to the password required line. (By the way, should the module
> for this line be pam_pwdb rather than pam_unix, as in the PAM files for
> login and passwd?)

I'm not qualified to answer the previous questions about debugging
showing user passwords, but since I was responsible for having the
sshd.pam file changed to reflect pam_unix rather than pam_pwdb, I'll
answer this part.

I believe this (using pam_unix.so vs. pam_pwdb.so) makes OpenSSH more
uniform across various PAM implementations.  

RedHat Linux and Mandrake include both in their PAM package; SuSE
Linux only includes pam_unix.so in its default setup(*); and Solaris
(looking at Sol7/x86) only has pam_unix.so -- no pam_pwdb.so at all.
I don't have access to any other PAM implementations, but I would
reckon they also have pam_unix.so and may or may not have the former.

  (*) pam_pwdb is included with SuSE, but it's packaged separately, is
      not kept up-to-date with the pam package itself, and contains the
      following package description:

The pwdb package contains libpwdb, the password database library. Libpwdb is a
library which implements a generic user information database.
Libpwdb doesn't use NSS from glibc. So it is not possible to use services like
NIS+ or LDAP with pwdb.

   csaia at wtower.com, WTnet IRC Administrator - http://www.wtower.com/~csaia/
    GNU Privacy Guard Public Key information is available at the above URL.

More information about the openssh-unix-dev mailing list