OPENssh (2.9p2) and keylogin in NIS+ on Solaris 7 with PAM

Shaun McCullagh shaun.mccullagh at marviq.com
Fri Nov 30 02:51:24 EST 2001


Hi,

I'm trying to make sshd perform a keylogin on a Solaris 7 NIS+ client
with PAM.

ssh connects and works fine but keyserv reports that it `can't encrypt
the session key'. So I think the keylogin failed or did not happen when
the user started an ssh session.

The following message is logged in syslog.

>sshd[489]: pam_setcred: error Permission denied
>sshd[506]: keyserv_client: can't stat 10

I've double checked NIS+ is running correctly with telnet.
keyserv works ok with this...

I compiled OPENssh 2.9p2 (on Solaris 7) with

configure --prefix=/usr/local --with-pam \
--with-tcp-wrappers --sysconfdir=/usr/local/etc \
--with-ssl-dir=/usr/local

I added this line to /etc/pam.conf:

        sshd  auth required /usr/lib/security/pam_unix.so.1

and set these parameters in sshd_config:

        PasswordAuthentication no

        PAMAuthenticationViaKdbInt yes
 
I note that the sshd daemon is using PAM as it reports this when invoked
with '-ddd'

I'd really grateful for any suggestions/ideas

TIA

-- 
Shaun



More information about the openssh-unix-dev mailing list