OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes

Alex Kiernan alexk at demon.net
Thu Jul 10 07:44:48 EST 2003 

Vikash Badal - PCS <VikashB at ComparexAfrica.co.za> writes:

> Greetings,
> 
> I have compiled OpenSSH-3.6.1p2 on SCO 3.2v4.2 and
> the following problem occurs:
> 
> I am unable to login as root using when strictmode is set to yes.
> 
> output of debug:
> 
> Failed none for root from 192.168.1.1 port 1199 ssh2
> debug1: userauth-request for user root service ssh-connection method
> publickey
> debug1: attempt 1 failures 1
> debug2: input_userauth_request: try method publickey
> debug1: test whether pkalg/pkblob are acceptable
> debug1: trying public key file //.ssh/authorized_keys
> debug3: secure_filename: checking '/.ssh'
> debug3: secure_filename: checking ''
> Authentication refused: bad ownership or modes for directory
> debug1: trying public key file //.ssh/authorized_keys2
> debug3: secure_filename: checking '/.ssh'
> debug3: secure_filename: checking ''
> Authentication refused: bad ownership or modes for directory
> 
> It seems that the final check is searching for a non-existant directory,
> with OpenSSH 3.5p1 this problem does not exist.
> 

Its not detecting broken dirname/basename. ISTR I put a ticket into
bugzilla for it (Solaris 2.5.1 is similarly busted), but I can't seem
to reach bugzilla.mindrot.org at the moment.

This was my workaround - it worked for Solaris 2.5.1, no idea about
others. I don't believe this is the right fix though:

--- configure.ac	2003/04/29 09:12:08	1.1.1.10
+++ configure.ac	2003/05/09 12:43:25	1.10
@@ -389,7 +389,7 @@
 
 # Checks for header files.
 AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \
-	getopt.h glob.h ia.h lastlog.h libgen.h limits.h login.h \
+	getopt.h glob.h ia.h lastlog.h limits.h login.h \
 	login_cap.h maillock.h netdb.h netgroup.h \
 	netinet/in_systm.h paths.h pty.h readpassphrase.h \
 	rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
@@ -410,9 +410,6 @@
     fi
 fi
 
-AC_CHECK_FUNC(getspnam, ,
-	AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
-
 AC_ARG_WITH(rpath,
 	[  --without-rpath         Disable auto-added -R linker paths],
 	[
@@ -622,7 +619,6 @@
 )
 
 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
-AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
 
 dnl Make sure strsep prototype is defined before defining HAVE_STRSEP
 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
@@ -663,6 +659,10 @@
 		fi
 	])
 ])
+
+AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
+AC_CHECK_FUNC(getspnam, ,
+	AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
 
 dnl    Checks for time functions
 AC_CHECK_FUNCS(gettimeofday time)

-- 
Alex Kiernan, Principal Engineer, Development, THUS plc

More information about the openssh-unix-dev mailing list