privsep versus compression
Martin MOKREJŠ
mmokrejs at natur.cuni.cz
Thu Sep 19 08:28:55 EST 2002
Hi,
I've one more note. It seems after the privsep happened on Solaris in
sshd, it tries to read /etc/srvtab file, but has no access.
14831: open("/etc/srvtab", O_RDONLY) Err#2 ENOENT
debug1: Kerberos v4 krb_rd_req: Can't decode authenticator (krb_rd_req)14831: write(2, " d e b u g 1 : K e r b".., 71) = 71
14831: write(2, "\r\n", 2) = 2
14831: getpeername(4, 0xEFFFE2A8, 0xEFFFE2A4) = 0
Failed kerberos for mmokrejs from 195.113.56.1 port 244514831: write(2, " F a i l e d k e r b e".., 56) = 56
That might be the reason why sshd refuses remote valid tickets. After the
password autentication when user entered valid kerberos password, receives
a ticket stored in tmp and sshd then tries to read /etc/srvtab again.
That's the place where sshd dies. It seems, when I replaced pam_krb.so
module with older versiom from krb4-1.0.9, sshd does not crash! So, expect
a problem with pam module (although it worked for telnet connection)
which makes sshd to crash.
Hope this helps
--
Martin Mokrejs <mmokrejs at natur.cuni.cz>, <m.mokrejs at gsf.de>
PGP5.0i key is at http://www.natur.cuni.cz/~mmokrejs
MIPS / Institute for Bioinformatics <http://mips.gsf.de>
GSF - National Research Center for Environment and Health
Ingolstaedter Landstrasse 1, D-85764 Neuherberg, Germany
tel.: +49-89-3187 3683 , fax: +49-89-3187 3585
More information about the openssh-unix-dev
mailing list