openssh & solaris (part 2)
Bob Smith
b_smith44 at hotmail.com
Wed Feb 27 11:16:49 EST 2002
this patch will allow PAM authentication when using sun's pam_krb5 before
pam_unix in the PAM stack. without this patch a pam.conf entry like:
sshd auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1
sshd auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
would fail with the error "input_userauth_info_response_pam: no
authentication context".
NOTE: when authenticating against pam_krb5 a user with an expired passwd
cannot login. when authenticating against pam_unix a user with an expired
passwd can login and is not prompted to change their password.
NOTE: "pam_setcred: error Permission denied" errors are still issued when
exiting a session.
*** auth2-pam.c- Tue Feb 26 15:30:14 2002
--- auth2-pam.c Tue Feb 26 15:31:26 2002
***************
*** 134,141 ****
--- 134,143 ----
unsigned int nresp = 0, rlen = 0, i = 0;
char *resp;
+ /*
if (authctxt == NULL)
fatal("input_userauth_info_response_pam: no authentication
context");
+ */
nresp = packet_get_int(); /* Number of responses. */
debug("got %d responses", nresp);
_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail.
http://www.hotmail.com
More information about the openssh-unix-dev
mailing list