openssh 3.6.1_p2 problem with pam (fwd)

Frank Cusack fcusack at fcusack.com
Sat May 3 07:34:04 EST 2003


On Fri, May 02, 2003 at 08:37:27AM -0500, Douglas E. Engert wrote:
> I saw a similiar problem with 3.6.1p2 when using PAM on HP UX 11.0
> Rather then a 2 second delay, it got a segfault.  
> 
> This got around the problem, but it is not clear why this code which was 
> in 3.5 was deleted. The PAM code is being called with a password="" 
> for some reason, then loks like it is called again later for real. 

It wasn't deleted, it was moved.  The pam code SHOULD be called here,
that's why it was moved.

> I still have problems with passwords on HP, but Solaris works, 
> so this is not the total solution.

Sounds like HP-UX's libpam is buggy, or you have a buggy PAM module.
Are you using any custom (not distributed with HP-UX) modules?

/fc

> *** ,auth-pam.c Wed Apr 30 10:04:21 2003
> --- auth-pam.c  Thu May  1 14:12:46 2003
> ***************
> *** 210,215 ****
> --- 210,227 ----
>   
>         do_pam_set_conv(&conv);
>   
> + #if defined(__hpux)
> + /* add back this from 3.5 PAM on HP 11.0 segfaults 
> +  * with password="" */
> +     /* deny if no user. */
> +     if (pw == NULL)
> +             return 0;
> +     if (pw->pw_uid == 0 && options.permit_root_login == PERMIT_NO_PASSWD)
> +             return 0;
> +     if (*password == '\0' && options.permit_empty_passwd == 0)
> +             return 0;
> + #endif /* __hpux */
> + 
>         __pampasswd = password;
>   
>         pamstate = INITIAL_LOGIN;




More information about the openssh-unix-dev mailing list