problems with openssh-1.2.2 and pam_tacplus.so

Dominik Brettnacher domi at saargate.de
Thu Feb 3 07:58:11 EST 2000


Hello,

I have the following problem: I have installed openssh-1.2.2 on FreeBSD
3.4-RELEASE. I intentionally did not take the FreeBSD port because it does
not support PAM. My aim is to make sshd authenticate against a TACACS+
server using the pam_tacplus.so module shipped with FreeBSD. That works
perfectly with this line in my /etc/pam.conf:

login   auth    sufficient      pam_tacplus.so


Accordingly, I set up pam.conf like this to make sshd do the same:

sshd	auth	required	pam_tacplus.so


But all I get then from sshd is this:

su-2.03# /usr/local/sbin/sshd -d
debug: sshd version OpenSSH-1.2.2
debug: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug: Server will not fork when running in debugging mode.
Connection from 212.88.133.252 port 1021
debug: Client protocol version 1.5; client software version OpenSSH-1.2.1
debug: Sent 768 bit public key and 1024 bit host key.
debug: Encryption type: 3des
debug: Received session key; encryption turned on.
debug: Installing crc compensation attack detector.
debug: Starting up PAM with username "domi"
debug: Attempting authentication for domi.
Failed rsa for domi from 212.88.133.252 port 1021
debug: PAM Password authentication accepted for user "domi"
Accepted password for domi from 212.88.133.252 port 1021
debug: PAM setting rhost to "dominik.saargate.de"
PAM rejected by account configuration: Permission denied
Faking authloop for illegal user domi from 212.88.133.252 port 1021



I configured openssh with

 ./configure  --with-tcp-wrappers --with-ipv4-default --with-md5-passwords


What can I do in order to make sshd work correctly?

-- 
Dominik - http://www.saargate.de/~domi/
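
Added example (not part of the original post, and not OpenSSH or FreeBSD code): the debug output above shows the password step accepted and the account step rejected, while the pam.conf lines shown define only the auth facility for sshd. The Python sketch below lists, for a service in pam.conf-format text, which facilities have their own lines and which fall back to "other"; the fallback rule is Linux-PAM behaviour assumed to apply here, and the "other" line in the sample is constructed, not taken from the post.

```python
# pam.conf format: service  facility  control-flag  module-path  [arguments]
FACILITIES = ("auth", "account", "session", "password")

def parse_pam_conf(text):
    """Return {service: {facility: [(control, module, args), ...]}}."""
    stacks = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4 or fields[1].lower() not in FACILITIES:
            continue                           # malformed line: ignore it
        service, facility, control, module = fields[:4]
        stacks.setdefault(service.lower(), {}).setdefault(
            facility.lower(), []).append((control, module, fields[4:]))
    return stacks

def resolve(stacks, service):
    """For each facility, report which service's lines would be used.

    Assumption (Linux-PAM behaviour): a facility with no lines for the
    service falls back to the lines of the "other" service; if those are
    missing too, nothing is configured for it.
    """
    report = {}
    for fac in FACILITIES:
        if stacks.get(service, {}).get(fac):
            report[fac] = (service, stacks[service][fac])
        elif stacks.get("other", {}).get(fac):
            report[fac] = ("other", stacks["other"][fac])
        else:
            report[fac] = (None, [])
    return report

# Constructed sample: the two lines from the post plus a hypothetical
# deny-by-default "other" entry (not shown in the post).
SAMPLE = """\
login   auth    sufficient      pam_tacplus.so
sshd    auth    required        pam_tacplus.so
other   account required        pam_deny.so     # hypothetical
"""

if __name__ == "__main__":
    for fac, (source, entries) in resolve(parse_pam_conf(SAMPLE), "sshd").items():
        mods = ", ".join(m for _, m, _ in entries) or "-"
        print(f"sshd {fac:<9} from={source or 'unconfigured':<12} {mods}")
```

Run against the real /etc/pam.conf, any facility reported as coming from "other" or as unconfigured is one that sshd's own lines do not cover.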









More information about the openssh-unix-dev mailing list