openssh 3.7.1p2 afs/pam issues
Sean O'Malley
picasso at madflower.com
Wed Oct 1 02:21:40 EST 2003
Sep 2003, Damien Miller wrote:
> Please try the patch at http://bugzilla.mindrot.org/show_bug.cgi?id=717
Thanks!! this works!
Im not sure if this is a bug or just normal, but to get this to work
_correctly_ You have to set:
PasswordAuthentication no
Otherwise it is prompting me 3x for a password and failing and then the
fourth time it is letting me in with an account using an afs password. For
a local account. It works just fine. I guess I don't understand why it is
failing 3 times with a tunneled password, and the 4th time it is
magically working. Is it disabling tunneling after the 3rd attempt?
In my pam.conf file I have:
sshd auth sufficient /usr/lib/security/pam_unix.so
sshd auth sufficient /usr/lib/security/$ISA/pam_afs.so.1 try_first_pass
ignore_root setenv_password_expires
sshd account required /usr/lib/security/pam_unix.so
sshd session required /usr/lib/security/pam_unix.so
Is this just a case of blatent Operator Error, lack of understanding or
the pam_afs module doesn't support tunneling and the pam_unix one does?
Sean
More information about the openssh-unix-dev
mailing list