OpenSSH-2.1.1p4 and SuSE 6.4
Daniel T. Chen
chenda at cs.unc.edu
Sun Aug 13 09:49:16 EST 2000
Hi folks,
I meant to send this in to the devel list a while ago (1 Jul,
actually) but school has until recently had a strangehold on me. The
issue is this: the sshd.pam.generic in the openssh-2.1.1p4/contrib
directory can be modified to suit standard SuSE 6.4 configurations as
thus:
{crimsun@[dhcp1520]:~} diff -c /etc/pam.d/sshd
openssh-2.1.1p4/contrib/sshd.pam.generic
*** /etc/pam.d/sshd Sat Jul 1 19:52:23 2000
--- openssh-2.1.1p4/contrib/sshd.pam.generic Tue Mar 14 20:25:06 2000
***************
*** 1,8 ****
#%PAM-1.0
! auth required /lib/security/pam_unix_auth.so shadow nodelay
auth required /lib/security/pam_nologin.so
! account required /lib/security/pam_unix_acct.so
password required /lib/security/pam_cracklib.so
! password required /lib/security/pam_unix_passwd.so shadow
use_authtok
! session required /lib/security/pam_unix_session.so
session required /lib/security/pam_limits.so
--- 1,8 ----
#%PAM-1.0
! auth required /lib/security/pam_unix.so shadow nodelay
auth required /lib/security/pam_nologin.so
! account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so
! password required /lib/security/pam_unix.so shadow nullok
use_authtok
! session required /lib/security/pam_unix.so
session required /lib/security/pam_limits.so
Sorry if the formatting makes things unclear. The sshd.pam.generic
included in the 2.1.1p4 tarball is adequately functional on stock SuSE 6.4
systems but does not log to syslog via PRIORITY when a sshd session has
been closed. The changes above rectify that. (Note: I've taken the
liberty of disallowing null passwords for my machine.) This is a SuSE
Linux-specific diff, but I thought I'd let everyone know just in case
someone had run across it and was scratching his/her head. :)
dtc
---
Daniel T. Chen
crimsun at adirondack.masticators.org
More information about the openssh-unix-dev
mailing list