OpenSSHd barfs upon reauthentication: PAM, Solaris 8
Stuart Lamble
sjl at debian.lib.monash.edu.au
Tue Aug 28 14:40:51 EST 2001

We've been having trouble with OpenSSH 2.9p2, running on Solaris 8
(a domain of an E10k), with PAM authentication turned on. It
intermittently crashes with signal 11 (seg fault) after the password
is entered, after the MOTD is displayed, but before control is passed
over to the login shell. I eventually managed to persuade sshd's child
process to consistently crash, upon entry of an invalid password (of
nine characters in length initially; subsequent tests worked for a
password of just five characters ["hello", for what it's worth :) ]),
followed by the correct password.

Investigation (using copious debug() statements) has isolated the problem
down to one line of code:

    pam_retval = pam_setcred(__pamh,
        init ? PAM_ESTABLISH_CRED : PAM_REINITIALIZE_CRED);

in auth-pam.c, function do_pam_setcred(). It appears that this function
is being called twice: once with init set, once without (i.e., once with
PAM_ESTABLISH_CRED, once with PAM_REINITIALIZE_CRED). It's on the call
to pam_setcred(__pamh, PAM_REINITIALIZE_CRED) that the seg fault occurs.

To clarify why we're using PAM: the system in question is set up to
communicate with a Kerberos server, with all authentication being done
using Kerberos. It's somewhat easier to do all of that with PAM than to
try to replace login, etc.

There's also been the question of whether do_pam_setcred() should be called
before or after the uid has been set to the user's. Changing the code to
call do_pam_setcred() after the call to permanently_set_uid(), however,
seems to make no difference to the crashing.

Any clues would be very much appreciated. sshd is now at the point where it
*mostly* works; it'd just be nice to get it to the point where it *completely*
works, no ifs, buts, or maybes :) Otherwise, I foresee myself going bald in
a very short space of time. *wry smile*

Ta muchly,
Stuart.