openssh 3.7.1p2 afs/pam issues

ERIC K. CHEU ekcheu at
Fri Oct 3 23:14:23 EST 2003

This is what happens when I put only this in the /etc/pam.conf file:

sshd    auth optional /usr/lib/security/ ignore_root

(mind you, this line works okay with AFS accounts on previous version of

debug1: Allocating pty.
debug1: session_new: init
debug1: session_new: session 0
debug1: session_pty_req: session 0 alloc /dev/pts/0
debug1: server_input_channel_req: channel 0 request shell reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: PAM: setting PAM_TTY to "/dev/pts/0"
debug1: here 2
debug1: PAM: establishing credentials
PAM: pam_setcred(): Authentication failed
debug1: Calling cleanup 0x3a3dc(0x1279e4)
debug1: Calling cleanup 0x476d8(0x0)
debug1: session_by_tty: session 0 tty /dev/pts/0
debug1: channel 0: free: server-session, nchannels 1
debug1: session_pty_cleanup: session 0 release /dev/pts/0
debug1: Calling cleanup 0x4f5e0(0x0)
debug1: Calling cleanup 0x44404(0x0)
debug1: PAM: cleanup
debug1: Calling cleanup 0x44404(0x0)
debug1: PAM: cleanup

AFS Password: 
Connection to waterfall closed by remote host.
Connection to waterfall closed.


So credentials are not being set somehow (maybe an incompatable ticket or
something?).  I put the line here 2 to see where it was failing.  Looks
like the second instance where do_pam_setcred(1) is being called after the
tty is begin set (around line 528 of session.c).

More information about the openssh-unix-dev mailing list