kerberos + gssapi password change

Andreas Girardet girardet at nz1.ibm.com
Thu Oct 9 11:12:35 EST 2003 

Hello 

I am not a developer, but since this is a more advanced issue I rather 
post to this list than to the users list, I hope this is OK.

We are currently running openssh with simon's gssapi patch and want to 
move towards the new integrated solution with openssh-3.7.1p2. A problem 
we experienced in both versions of openssh is that we are not able to 
change the kerberos password, when it expires. I used James'  patch but it 
seemed to not work well with simon's gssapi patch and as such we decided 
not to integrate it. James told me that he believes password change is now 
working with the changes, but I am unable to get it working and am 
wondering if this is a known limitation still and if you are planning to 
work on this issue in the future if it is still an issue.

Another oddness I experience 


Cheers

IBM Global Services - New Zealand Linux Team
Linux Infrastructure project
Office: +64-9-359-8761
email: girardet at nz1.ibm.com
13-17 Dundonald Street, Newton, Auckland, New Zealand





###########################################
from sshd -ddd

ebug3: ssh_msg_recv entering
debug3: ssh_msg_send: type 7
PAM: Authentication token is no longer valid; new one required.
debug3: mm_request_send entering: type 49
debug3: mm_request_receive entering
debug3: mm_sshpam_query: pam_query returned -1
debug2: auth2_challenge_start: devices <empty>
debug3: mm_sshpam_free_ctx
debug3: mm_request_send entering: type 52
debug3: mm_sshpam_free_ctx: waiting for MONITOR_ANS_PAM_FREE_CTX
debug3: mm_request_receive_expect entering: type 53
debug3: mm_request_receive entering
debug3: monitor_read: checking request 52
debug3: mm_answer_pam_free_ctx
debug3: mm_request_send entering: type 53
debug2: monitor_read: 52 used once, disabling now
Failed keyboard-interactive/pam for agirardet from 10.65.59.54 port 43168 
ssh2
debug3: mm_request_receive entering
Failed keyboard-interactive/pam for agirardet from 10.65.59.54 port 43168 
ssh2
debug1: userauth-request for user agirardet service ssh-connection method 
keyboard-interactive
debug1: attempt 5 failures 4
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=agirardet devs=
debug1: kbdint_alloc: devices 'pam'
debug2: auth2_challenge_start: devices pam
debug2: kbdint_next_device: devices <empty>
debug1: auth2_challenge_start: trying authentication method 'pam'
debug3: mm_sshpam_init_ctx
debug3: mm_request_send entering: type 46
debug3: mm_sshpam_init_ctx: waiting for MONITOR_ANS_PAM_INIT_CTX
debug3: mm_request_receive_expect entering: type 47
debug3: mm_request_receive entering
debug3: monitor_read: checking request 46
debug3: mm_answer_pam_init_ctx
debug3: mm_request_send entering: type 47
debug3: mm_request_receive entering
debug3: mm_sshpam_query
debug3: mm_request_send entering: type 48
debug3: mm_sshpam_query: waiting for MONITOR_ANS_PAM_QUERY
debug3: mm_request_receive_expect entering: type 49
debug3: mm_request_receive entering
debug3: monitor_read: checking request 48
debug3: mm_answer_pam_query
debug3: ssh_msg_recv entering
debug3: ssh_msg_send: type 1
debug3: mm_request_send entering: type 49
debug3: mm_request_receive entering
debug3: mm_sshpam_query: pam_query returned 0
Postponed keyboard-interactive for agirardet from 10.65.59.54 port 43168 
ssh2
debug3: ssh_msg_recv entering
debug3: mm_sshpam_respond
debug3: mm_request_send entering: type 50
debug3: mm_sshpam_respond: waiting for MONITOR_ANS_PAM_RESPOND
debug3: mm_request_receive_expect entering: type 51
debug3: mm_request_receive entering
debug3: monitor_read: checking request 50
debug3: mm_answer_pam_respond
debug2: PAM: sshpam_respond
debug3: ssh_msg_send: type 6
debug3: mm_request_send entering: type 51
debug3: mm_request_receive entering
debug3: mm_sshpam_respond: pam_respond returned 1
debug3: mm_sshpam_query
debug3: mm_request_send entering: type 48
debug3: mm_sshpam_query: waiting for MONITOR_ANS_PAM_QUERY
debug3: mm_request_receive_expect entering: type 49
debug3: mm_request_receive entering
debug3: monitor_read: checking request 48
debug3: mm_answer_pam_query
debug3: ssh_msg_recv entering
debug3: ssh_msg_send: type 7
PAM: Authentication token is no longer valid; new one required.
debug3: mm_request_send entering: type 49
debug3: mm_request_receive entering
debug3: mm_sshpam_query: pam_query returned -1
debug2: auth2_challenge_start: devices <empty>
debug3: mm_sshpam_free_ctx
debug3: mm_request_send entering: type 52
debug3: mm_sshpam_free_ctx: waiting for MONITOR_ANS_PAM_FREE_CTX
debug3: mm_request_receive_expect entering: type 53
debug3: mm_request_receive entering
debug3: monitor_read: checking request 52
debug3: mm_answer_pam_free_ctx
debug3: mm_request_send entering: type 53
##############################################

More information about the openssh-unix-dev mailing list