Strange behaviour w/ Solaris9 + pam_ldap + openssh 3.7.1p2

Darren Tucker dtucker at zip.com.au
Wed Nov 26 17:58:03 EST 2003


Rich Bishop wrote:
> 
> I have a Solaris 9 system which is using Sun's pam_ldap to access user &
> group information in a Netscape 4.16DS. This was working fine until I
> upgraded ssh on the box. However, now I'm using 3.7.1p2 with pam support
> I have the following problem:
> 
> If a user (local or ldap)  enters the correct password everything works
> fine. Entering a wrong password results in the sshd process becoming
> unresponsive, until it eventually times out as set by LoginGraceTime in
> sshd_config. Normally, sshd should prompt for a password a number of
> times before closing the connection. Running sshd in debug mode under
> truss shows it going into a sleep state.
> 
> I've done some searching on this - I found
> http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=106743975716923&w=2
> on the sshd-devel list but there are no follow ups as yet. I've been in
> touch with the original poster, but he hasn't resolved the problem. I'd
> be happy to provide any debugging information that would be useful in
> diagnosing the problem.

It sounds like the PAM authentication thread is crashing (or possibly
deadlocking) for some reason.  If it's crashing, you can provide some
useful diagnostics thusly:

1) Check if sshd left a core in /
1a) otherwise, turn on core dump saving with coreadm (sorry, can't provide
more detail at the moment).
1b) run sshd until the problem occurs.
2) If ssh produces a core, feed it to gdb and provide a backtrace. In the
build directory, run gdb ./sshd /path/to/core and at the gdb prompt, type
"bt".

Save the core dump and copy of sshd from the build dir (it has the
debugging symbols) in case more info is required.

You could also try a current snapshot as there have been several
PAM-related fixes since the 3.7.1p2 release.

Also, possibly related:
http://bugzilla.mindrot.org/show_bug.cgi?id=740

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.




More information about the openssh-unix-dev mailing list