OpenSSH3.0p1/PAM/Sol8
Dost, Alexander
Alexander.Dost at drkw.com
Fri Nov 9 04:01:52 EST 2001
I imported the example from the contrib directory for generic unix.
sshd is running as root.
Alex
pam.conf:
#
#ident "@(#)pam.conf 1.16 01/01/24 SMI"
#
# Copyright (c) 1996-2000 by Sun Microsystems, Inc.
# All rights reserved.
#
# PAM configuration
#
# Authentication management
#
login auth required /usr/lib/security/$ISA/pam_unix.so.1
login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1
sshd auth required /usr/lib/security/$ISA/pam_unix.so shadow nodelay
#
rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
#
rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# Account management
#
login account requisite /usr/lib/security/$ISA/pam_roles.so.1
login account required /usr/lib/security/$ISA/pam_projects.so.1
login account required /usr/lib/security/$ISA/pam_unix.so.1
sshd account required /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1
dtlogin account required /usr/lib/security/$ISA/pam_projects.so.1
dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1
#
other account requisite /usr/lib/security/$ISA/pam_roles.so.1
other account required /usr/lib/security/$ISA/pam_projects.so.1
other account required /usr/lib/security/$ISA/pam_unix.so.1
#
# Session management
#
sshd session required /usr/lib/security/$ISA/pam_unix.so.1
other session required /usr/lib/security/$ISA/pam_unix.so.1
#
# Password management
#
sshd password required /usr/lib/security/$ISA/pam_unix.so shadow
nullok use_authtok
other password required /usr/lib/security/$ISA/pam_unix.so.1
dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
- snip
> -----Original Message-----
> From: Ed Phillips [SMTP:ed at UDel.Edu]
> Sent: Thursday, November 08, 2001 17:06
> To: Dost, Alexander
> Cc: openssh-unix-dev at mindrot.org
> Subject: Re: OpenSSH3.0p1/PAM/Sol8
>
> On Thu, 8 Nov 2001, Dost, Alexander wrote:
>
> > Date: Thu, 8 Nov 2001 10:04:53 +0100
> > From: "Dost, Alexander" <Alexander.Dost at drkw.com>
> > To: openssh-unix-dev at mindrot.org
> > Subject: OpenSSH3.0p1/PAM/Sol8
> >
> > Hi there,
> >
> > I just tried out OpenSSH3.0p1 running on Solaris 8 with PAM
> (--with-PAM).
> > The problem was mentioned some time ago and is still there :-(
> > When a password is expired you are prompted to change it now, enter your
> > login password and after doing so you are instantly disconnected. I
> think
> > this is a problem with PAM and not SSH, but how can I get a solution on
> this
> > ?
> > sshd is running without problems, no core dump. In /var/adm/messages
> there
> > is the following output:
> > auth.crit fatal: PAM pam_chauthtok failed[-1]: Unknown error
>
> What does your /etc/pam.conf look like? Are you running sshd as root or
> some other uid?
>
> Ed
>
> Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082
> Systems Programmer III, Network and Systems Services
> finger -l ed at polycut.nss.udel.edu for PGP public key
More information about the openssh-unix-dev
mailing list