privsep versus compression

Martin MOKREJŠ mmokrejs at natur.cuni.cz
Thu Sep 19 08:28:55 EST 2002


Hi,
  I've one more note. It seems after the privsep happened on Solaris in
sshd, it tries to read /etc/srvtab file, but has no access.

14831:  open("/etc/srvtab", O_RDONLY)                   Err#2 ENOENT
debug1: Kerberos v4 krb_rd_req: Can't decode authenticator (krb_rd_req)14831:   write(2, " d e b u g 1 :   K e r b".., 71)      = 71
14831:  write(2, "\r\n", 2)                             = 2
14831:  getpeername(4, 0xEFFFE2A8, 0xEFFFE2A4)          = 0
Failed kerberos for mmokrejs from 195.113.56.1 port 244514831:  write(2, " F a i l e d   k e r b e".., 56)      = 56



That might be the reason why sshd refuses remote valid tickets. After the
password autentication when user entered valid kerberos password, receives
a ticket stored in tmp and sshd then tries to read /etc/srvtab again.
That's the place where sshd dies. It seems, when I replaced pam_krb.so
module with older versiom from krb4-1.0.9, sshd does not crash! So, expect
a problem with pam module (although it worked for telnet connection)
which makes sshd to crash.

Hope this helps
-- 
Martin Mokrejs <mmokrejs at natur.cuni.cz>, <m.mokrejs at gsf.de>
PGP5.0i key is at http://www.natur.cuni.cz/~mmokrejs
MIPS / Institute for Bioinformatics <http://mips.gsf.de>
GSF - National Research Center for Environment and Health
Ingolstaedter Landstrasse 1, D-85764 Neuherberg, Germany
tel.: +49-89-3187 3683 , fax: +49-89-3187 3585





More information about the openssh-unix-dev mailing list