openssh 3.6.1_p2 problem with pam (fwd)

Douglas E. Engert deengert at anl.gov
Fri May 2 23:37:27 EST 2003 

I saw a similiar problem with 3.6.1p2 when using PAM on HP UX 11.0
Rather then a 2 second delay, it got a segfault.  

This got around the problem, but it is not clear why this code which was 
in 3.5 was deleted. The PAM code is being called with a password="" 
for some reason, then loks like it is called again later for real. 

I still have problems with passwords on HP, but Solaris works, 
so this is not the total solution.


*** ,auth-pam.c Wed Apr 30 10:04:21 2003
--- auth-pam.c  Thu May  1 14:12:46 2003
***************
*** 210,215 ****
--- 210,227 ----
  
        do_pam_set_conv(&conv);
  
+ #if defined(__hpux)
+ /* add back this from 3.5 PAM on HP 11.0 segfaults 
+  * with password="" */
+     /* deny if no user. */
+     if (pw == NULL)
+             return 0;
+     if (pw->pw_uid == 0 && options.permit_root_login == PERMIT_NO_PASSWD)
+             return 0;
+     if (*password == '\0' && options.permit_empty_passwd == 0)
+             return 0;
+ #endif /* __hpux */
+ 
        __pampasswd = password;
  
        pamstate = INITIAL_LOGIN;




Andrea Barisani wrote:
> 
> ----- Forwarded message from Andrea Barisani <lcars at infis.univ.trieste.it> -----
> 
> Date: Fri, 2 May 2003 14:01:33 +0200
> From: Andrea Barisani <lcars at infis.univ.trieste.it>
> To: openssh at openssh.com
> Subject: openssh 3.6.1_p2 problem with pam
> 
> Hi, I've just updated to openssh 3.6.1_p2 and I notice this behaviour:
> 
> # ssh -l lcars mybox
> [2 seconds delay]
> lcars at mybox's password:
> 
> In the logs I have:
> 
> May  2 13:57:11 sole sshd(pam_unix)[19663]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=homer.infis.univ.trieste.it  user=lcars
> May  2 13:57:13 sole sshd(pam_unix)[19665]: session opened for user lcars by (uid=817)
> 
> The first line is logged _before_ sshd prompt the password and that's the
> cause of the delay since I'm not using nodelay option in system-auth.
> 
> The second one is logged after I enter the correct password.
> 
> I don't suppose that this is a correct beahviour, what do you think?
> 
> Thanks a lot.
> 
> Bye
> 
> --
> ------------------------------------------------------------
> INFIS Network Administrator & Security Officer         .*.
> Department of Physics       - University of Trieste    /V\
> lcars at infis.univ.trieste.it - PGP Key 0x8E21FE82      (/ \)
> ----------------------------------------------------  (   )
> "How would you know I'm mad?" said Alice.             ^^-^^
> "You must be,'said the Cat,'or you wouldn't have come here."
> ------------------------------------------------------------
> 
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev

-- 

 Douglas E. Engert  <DEEngert at anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444

More information about the openssh-unix-dev mailing list