[Fwd: Serious Bug Report: OpenSSH]
Chris Saia
csaia at wtower.com
Thu Dec 2 12:00:44 EST 1999
Damien Miller <damien at ibs.com.au> writes:
(actually, Adrian Baugh wrote, via Damien's forward)
> I'm using a RH6.1 system and have tried both the default sshd PAM file and
> adding md5 to the password required line. (By the way, should the module
> for this line be pam_pwdb rather than pam_unix, as in the PAM files for
> login and passwd?)
I'm not qualified to answer the previous questions about debugging
showing user passwords, but since I was responsible for having the
sshd.pam file changed to reflect pam_unix rather than pam_pwdb, I'll
answer this part.
I believe this (using pam_unix.so vs. pam_pwdb.so) makes OpenSSH more
uniform across various PAM implementations.
RedHat Linux and Mandrake include both in their PAM package; SuSE
Linux only includes pam_unix.so in its default setup(*); and Solaris
(looking at Sol7/x86) only has pam_unix.so -- no pam_pwdb.so at all.
I don't have access to any other PAM implementations, but I would
reckon they also have pam_unix.so and may or may not have the former.
(*) pam_pwdb is included with SuSE, but it's packaged separately, is
not kept up-to-date with the pam package itself, and contains the
following package description:
The pwdb package contains libpwdb, the password database library. Libpwdb is a
library which implements a generic user information database.
Libpwdb doesn't use NSS from glibc. So it is not possible to use services like
NIS+ or LDAP with pwdb.
--
===============================================================================
csaia at wtower.com, WTnet IRC Administrator - http://www.wtower.com/~csaia/
GNU Privacy Guard Public Key information is available at the above URL.
===============================================================================
More information about the openssh-unix-dev
mailing list