openssh 3.7.1p2 afs/pam issues

Sean O'Malley picasso at madflower.com
Wed Oct 1 02:21:40 EST 2003


Sep 2003, Damien Miller wrote:
> Please try the patch at http://bugzilla.mindrot.org/show_bug.cgi?id=717

Thanks!! this works!

Im not sure if this is a bug or just normal, but to get this to work
_correctly_ You have to set:
PasswordAuthentication no

Otherwise it is prompting me 3x for a password and failing and then the
fourth time it is letting me in with an account using an afs password. For
a local account. It works just fine. I guess I don't understand why it is
failing 3 times with a tunneled password, and the 4th time it is
magically working. Is it disabling tunneling after the 3rd attempt?

In my pam.conf file I have:

sshd auth sufficient /usr/lib/security/pam_unix.so
sshd auth sufficient /usr/lib/security/$ISA/pam_afs.so.1 try_first_pass
ignore_root  setenv_password_expires
sshd account required /usr/lib/security/pam_unix.so
sshd session required /usr/lib/security/pam_unix.so

Is this just a case of blatent Operator Error, lack of understanding or
the pam_afs module doesn't support tunneling and the pam_unix one does?

Sean




More information about the openssh-unix-dev mailing list