[Bug 127] New: PAM with ssh authentication and pam_krb5 doesn't work properly
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Feb 28 05:34:06 EST 2002
http://bugzilla.mindrot.org/show_bug.cgi?id=127
Summary: PAM with ssh authentication and pam_krb5 doesn't work
properly
Product: Portable OpenSSH
Version: 3.0.2p1
Platform: UltraSparc
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: b_smith44 at hotmail.com
when using authenticating against pam_krb5 a user can only login when sshd is
configured to use the system's login routine. the byproduct of this problem is
that the user can not use X forwarding.
this patch fixes the problem by modifying the call to pam_setcred to only use
the PAM_ESTABLISH_CRED flag.
users can now login (at least with solaris 8) with the pam.conf entry:
sshd auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
sshd auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
*** auth-pam.c- Mon Feb 25 18:36:04 2002
--- auth-pam.c Tue Feb 26 10:05:31 2002
***************
*** 297,304 ****
do_pam_set_conv(&conv);
debug("PAM establishing creds");
! pam_retval = pam_setcred(__pamh,
! init ? PAM_ESTABLISH_CRED : PAM_REINITIALIZE_CRED);
if (pam_retval != PAM_SUCCESS) {
if (was_authenticated)
fatal("PAM setcred failed[%d]: %.200s",
--- 297,303 ----
do_pam_set_conv(&conv);
debug("PAM establishing creds");
! pam_retval = pam_setcred(__pamh, PAM_ESTABLISH_CRED);
if (pam_retval != PAM_SUCCESS) {
if (was_authenticated)
fatal("PAM setcred failed[%d]: %.200s",
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-unix-dev
mailing list