2.1.1p2 HP-UX 11 PAM General Commerical Security error

Kevin Steves stevesk at sweden.hp.com
Tue Jul 4 00:05:05 EST 2000


: Trying 2.1.1p2 on HP-UX 11 (trusted system) I get:
: Jul  3 14:24:58 robinson sshd[1236]: pam_acct_mgmt: error General Commercial Security error
: Jul  3 14:24:58 robinson sshd[1236]: PAM rejected by account configuration: General Commercial Security error

A little more info.  I wanted to see the specific pam_retval so I
modified the error string; then I went ahead and added it to the other
auth-pam.c error/debug output.  It might be worthwhile to integrate, so
the patch is attached.

Now I see:

Jul  3 15:19:29 robinson sshd[1293]: PAM rejected by account configuration: [32] General Commercial Security error

which is:

#define PAM_TERM_ERROR          32      /* Terminal database corruption or 
                                           no corresponding entry found */

I'm not sure at this point what this could indicate, but I'll try to
track it down.
-------------- next part --------------
--- auth-pam.c~	Thu Jun 22 13:44:54 2000
+++ auth-pam.c	Mon Jul  3 15:49:05 2000
@@ -105,19 +105,22 @@
 	{
 		pam_retval = pam_close_session((pam_handle_t *)pamh, 0);
 		if (pam_retval != PAM_SUCCESS) {
-			log("Cannot close PAM session: %.200s", 
+			log("Cannot close PAM session: [%d] %.200s", 
+				pam_retval,
 				PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 		}
 
 		pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_DELETE_CRED);
 		if (pam_retval != PAM_SUCCESS) {
-			log("Cannot delete credentials: %.200s", 
+			log("Cannot delete credentials: [%d] %.200s", 
+				pam_retval,
 				PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 		}
 
 		pam_retval = pam_end((pam_handle_t *)pamh, pam_retval);
 		if (pam_retval != PAM_SUCCESS) {
-			log("Cannot release PAM authentication: %.200s", 
+			log("Cannot release PAM authentication: [%d] %.200s", 
+				pam_retval,
 				PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 		}
 	}
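Review bot: The last `log()` call in this hunk passes `pamh` to `PAM_STRERROR` after `pam_end()` has already been called on it, so the handle may no longer be valid when the message is formatted. The same concern applies to the `PAM initialisation failed` call in the `@@ -242,7` hunk, where `pam_start()` has just failed and `pamh` may never have been set. Whether the platform's strerror routine actually dereferences the handle is implementation-specific, so treat this as something to confirm rather than a proven crash. Now that the numeric code is in the message, those two sites could log the number alone, e.g. `log("Cannot release PAM authentication: [%d]", pam_retval);`. The enclosing cleanup function begins before this hunk.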
@@ -145,8 +148,9 @@
 			pw->pw_name);
 		return 1;
 	} else {
-		debug("PAM Password authentication for \"%.100s\" failed: %s", 
-			pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+		debug("PAM Password authentication for \"%.100s\" failed: [%d] %s", 
+			pw->pw_name, pam_retval,
+			PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 		return 0;
 	}
 }
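Review bot: The rewritten `debug()` call still formats the PAM error text with an unbounded `%s`, while every other call this patch touches uses `%.200s`. The string comes from the platform's PAM library, so bound it here as well: `debug("PAM Password authentication for \"%.100s\" failed: [%d] %.200s",`. This is also the only failure path in the patch reported through `debug()` rather than `log()`, so a failed password attempt is presumably not recorded at normal log levels unless another caller logs it; worth confirming. The function starts outside the hunk.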
@@ -160,7 +164,8 @@
 	pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RHOST, 
 		get_canonical_hostname());
 	if (pam_retval != PAM_SUCCESS) {
-		fatal("PAM set rhost failed: %.200s", 
+		fatal("PAM set rhost failed: [%d] %.200s", 
+			pam_retval,
 			PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 	}
 
@@ -168,7 +173,8 @@
 		debug("PAM setting ruser to \"%.200s\"", remote_user);
 		pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RUSER, remote_user);
 		if (pam_retval != PAM_SUCCESS) {
-			fatal("PAM set ruser failed: %.200s", 
+			fatal("PAM set ruser failed: [%d] %.200s", 
+				pam_retval,
 				PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 		}
 	}
@@ -182,7 +188,8 @@
 			pam_msg_cat(NEW_AUTHTOK_MSG);
 			break;
 		default:
-			log("PAM rejected by account configuration: %.200s", 
+			log("PAM rejected by account configuration: [%d] %.200s", 
+				pam_retval,
 				PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 			return(0);
 	}
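Review bot: The `[%d]` added to the account-rejection message is a raw platform value and deserves a comment saying so, because PAM return codes are not numbered identically across implementations. The header quoted in the mail defines 32 as `PAM_TERM_ERROR` on HP-UX, and that number cannot be assumed to mean the same thing on another system. I would add `/* [%d] is the platform's pam_retval; decode it against that system's PAM header */` above the `log()` call. Anyone matching these lines in log monitoring should key on the message prefix rather than the number. The switch statement begins before this hunk.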
@@ -199,14 +206,16 @@
 		debug("PAM setting tty to \"%.200s\"", ttyname);
 		pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_TTY, ttyname);
 		if (pam_retval != PAM_SUCCESS) {
-			fatal("PAM set tty failed: %.200s", 
+			fatal("PAM set tty failed: [%d] %.200s", 
+				pam_retval,
 				PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 		}
 	}
 
 	pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
 	if (pam_retval != PAM_SUCCESS) {
-		fatal("PAM session setup failed: %.200s", 
+		fatal("PAM session setup failed: [%d] %.200s", 
+			pam_retval,
 			PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 	}
 }
@@ -219,7 +228,8 @@
 	debug("PAM establishing creds");
 	pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_ESTABLISH_CRED);
 	if (pam_retval != PAM_SUCCESS) {
-		fatal("PAM setcred failed: %.200s", 
+		fatal("PAM setcred failed: [%d] %.200s", 
+			pam_retval,
 			PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 	}
 }
@@ -242,7 +252,8 @@
 		(pam_handle_t**)&pamh);
 
 	if (pam_retval != PAM_SUCCESS) {
-		fatal("PAM initialisation failed: %.200s", 
+		fatal("PAM initialisation failed: [%d] %.200s", 
+			pam_retval,
 			PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 	}
 
@@ -255,7 +266,8 @@
 	 */
 	pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_TTY, "ssh");
 	if (pam_retval != PAM_SUCCESS) {
-		fatal("PAM set tty failed: %.200s", 
+		fatal("PAM set tty failed: [%d] %.200s", 
+			pam_retval,
 			PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 	}
 

