openssh & solaris (part 2)

Bob Smith b_smith44 at
Wed Feb 27 11:16:49 EST 2002

this patch will allow PAM authentication when using sun's pam_krb5 before 
pam_unix in the PAM stack. without this patch a pam.conf entry like:

sshd auth sufficient /usr/lib/security/$ISA/
sshd auth required /usr/lib/security/$ISA/ try_first_pass

would fail with the error "input_userauth_info_response_pam: no 
authentication context".

NOTE: when authenticating against pam_krb5 a user with an expired passwd 
cannot login. when authenticating against pam_unix a user with an expired 
passwd can login and is not prompted to change their password.

NOTE: "pam_setcred: error Permission denied" errors are still issued when 
exiting a session.

*** auth2-pam.c-        Tue Feb 26 15:30:14 2002
--- auth2-pam.c Tue Feb 26 15:31:26 2002
*** 134,141 ****
--- 134,143 ----
        unsigned int nresp = 0, rlen = 0, i = 0;
        char *resp;

+ /*
        if (authctxt == NULL)
                fatal("input_userauth_info_response_pam: no authentication 
+ */

        nresp = packet_get_int();       /* Number of responses. */
        debug("got %d responses", nresp);

Join the world’s largest e-mail service with MSN Hotmail.

More information about the openssh-unix-dev mailing list