problems with openssh-1.2.2 and pam_tacplus.so
Steve Langasek
vorlon at netexpress.net
Fri Feb 4 03:39:22 EST 2000
On Thu, 3 Feb 2000, Dominik Brettnacher wrote:
> You were right, I did not set up any. Now my pam.conf looks like this:
> sshd auth required pam_tacplus.so
> sshd account required pam_unix.so try_first_pass
> sshd password required pam_unix.so try_first_pass
> sshd session required pam_unix.so try_first_pass
> When I use "pam_permit.so" as the session module, I can login
> successfully, but when trying pam_unix.so, I get these errors:
> Feb 3 07:05:01 sshd[17265]: unable to resolve symbol: pam_sm_chauthtok
> Feb 3 07:05:01 sshd[17265]: unable to resolve symbol: pam_sm_open_session
> Feb 3 07:05:01 sshd[17265]: unable to resolve symbol: pam_sm_close_session
This seems to imply that the pam_unix.so module you're using is not compiled
to function as a password or session module. I really have no idea why this
is. It may be a problem specific to the FreeBSD port?
One thing you might try is to change the lines to read:
sshd auth required pam_tacplus.so
sshd account required pam_unix_account.so
sshd password required pam_unix_passwd.so try_first_pass
sshd session required pam_unix_session.so
If pam_unix is available as individual modules on your system.
Otherwise, pam_unix's session support is largely a no-op, and password
changing isn't crucial to sshd's proper functioning, so if all else fails you
could configure it as
sshd auth required pam_tacplus.so
sshd account required pam_unix_account.so
sshd password required pam_permit.so
sshd session required pam_permit.so
HTH,
Steve Langasek
postmodern programmer
More information about the openssh-unix-dev
mailing list