AIX authenticate()

J S vervoom at hotmail.com
Tue Aug 13 03:58:45 EST 2002


Maybe I'm barking up the wrong tree here but I applied this patch to see if 
it would fix the securid authentication on AIX, but no such luck.

debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 11
debug3: mm_request_receive entering
debug3: mm_auth_password: user not authenticated
Failed none for u742359 from 165.3.156.65 port 1751 ssh2
debug1: userauth-request for user u752359 service ssh-connection method 
keyboard-interactive
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
Failed keyboard-interactive for u742359 from 165.3.156.65 port 1751 ssh2
debug1: userauth-request for user u742359 service ssh-connection method 
password
debug1: attempt 2 failures 2
debug2: input_userauth_request: try method password
debug3: mm_auth_password entering

Cheers,

JS.


>Hi,
>
>I just got a comment from one of my IBM support engineeres that there
>is a problem with auth-passwd.c only calling authenticate() once. He
>claims it should potentially be called several times, in case several
>authetication methods are defined in /etc/security/user. F.ex.:
>
>	SYSTEM = "NIS and DCE"
>
>Suggested (untested) patch should look like:
>
>----------------- cut --------------------
>%  diff -u auth-passwd.c-original auth-passwd.c
>--- auth-passwd.c-original	2002-08-12 18:43:25.000000000 +0200
>+++ auth-passwd.c	2002-08-12 19:02:43.000000000 +0200
>@@ -114,6 +114,7 @@
>  #ifdef WITH_AIXAUTHENTICATE
>  	char *authmsg;
>  	char *loginmsg;
>+	int rc;
>  	int reenter = 1;
>  #endif
>
>@@ -145,7 +146,11 @@
>  	}
>  #endif
>  #ifdef WITH_AIXAUTHENTICATE
>-	return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
>+	while (reenter) {
>+		rc = authenticate (pw->pw_name,password,&reenter,&authmsg)
>+	}
>+	return (rc);
>  #endif
>  #ifdef KRB4
>  	if (options.kerberos_authentication == 1) {
>----------------- /cut -------------------
>
>It kind of looks like it's a slip that this isn't fixed in
>auth-passwd.c, as 'int reenter = 1;' is already available inside
>WITH_AIXAUTHENTICATE.
>
>
>   -jf
>_______________________________________________
>openssh-unix-dev at mindrot.org mailing list
>http://www.mindrot.org/mailman/listinfo/openssh-unix-dev




_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com




More information about the openssh-unix-dev mailing list