OPENssh (2.9p2) and keylogin in NIS+ on Solaris 7 with PAM
Shaun McCullagh
shaun.mccullagh at marviq.com
Fri Nov 30 02:51:24 EST 2001
Hi,
I'm trying to make sshd perform a keylogin on a Solaris 7 NIS+ client
with PAM.
ssh connects and works fine but keyserv reports that it `can't encrypt
the session key'. So I think the keylogin failed or did not happen when
the user started an ssh session.
The following message is logged in syslog.
>sshd[489]: pam_setcred: error Permission denied
>sshd[506]: keyserv_client: can't stat 10
I've double checked NIS+ is running correctly with telnet.
keyserv works ok with this...
I compiled OPENssh 2.9p2 (on Solaris 7) with
configure --prefix=/usr/local --with-pam \
--with-tcp-wrappers --sysconfdir=/usr/local/etc \
--with-ssl-dir=/usr/local
I added this line to /etc/pam.conf:
sshd auth required /usr/lib/security/pam_unix.so.1
and set these parameters in sshd_config:
PasswordAuthentication no
PAMAuthenticationViaKdbInt yes
I note that the sshd daemon is using PAM as it reports this when invoked
with '-ddd'
I'd really grateful for any suggestions/ideas
TIA
--
Shaun
More information about the openssh-unix-dev
mailing list