issue with 3.7.1p2

Steve Belt (rgpg70) Steve.Belt at motorola.com
Wed Oct 22 07:49:45 EST 2003


Ben,

Now that I have set "UsePAM yes" I am seeing another issue.  When a user types in
the wrong password, there is a long delay and then the message "Connection
closed" appears.  With 3.6.1p1, a wrong password would result in an immediate
message "Permission denied, please try again" and the user would be asked to
re-enter the password.  I can reduce the delay by setting "LoginGraceTime" to
some smaller number, but why does the connection close instead of asking for
another password?

Cheers,
Steve

Ben Lindstrom wrote:

> No that is the only incorrect default.  It was missed in a last minute
> change before p2 release where we decided PAM (like Kerb, etc) are not to
> be enabled by default.
>
> The sshd_config has been corrected in the current CVS tree.
>
> - Ben
>
> On Tue, 21 Oct 2003, Steve Belt (rgpg70) wrote:
>
> > Hi Ben,
> >
> > Thanks for the reply.  I assumed that since the defaults (according to the
> > header in the
> > sshd_config file) were commented out, UsePAM was already being utilized,
> > since the file contained the line "#UsePAM yes."  I went ahead and
> > uncommented the line anyway and it now works.  I wonder if the other
> > "defaults" are incorrect as well?  Anyway, thanks for the info.  Saved a lot
> > of headaches!
> >
> > Cheers,
> > Steve
> >
> > Ben Lindstrom wrote:
> >
> > > If you are using pam please go into your sshd_config and put in:
> > >
> > > UsePam yes
> > >
> > > - Ben
> > >
> > > On Tue, 21 Oct 2003, Steve Belt (rgpg70) wrote:
> > >
> > > > Hello,
> > > >
> > > > I have recently download and compiled version 3.7.1p2 of openssh, but am
> > > > having authentication issues with it.  I have been using 3.6.1p1 with no
> > > > problems.  Both versions were compiled on the same Solaris 8 host.  That
> > > > host uses ldap for its name service.  Both were compiled using the same
> > > > openssh config options:
> > > >
> > > > --prefix=/opt/openssh --with-pam --with-zlib=/opt/openssh/lib
> > > >
> > > > However, the 3.7.1p2 version will not let me (as a regular user) login.
> > > > I get the all-too-familiar error:
> > > >
> > > > Permission denied (publickey,password,keyboard-interactive)
> > > >
> > > > I did the compiles the exact same way.  Why would one compile work, but
> > > > not the other?  I would like to migrate to the newer version, since it
> > > > has some security fixes.  Is there something I need to do during
> > > > compile, or is this a runtime configuration thing?
> > > >
> > > > Thanks in advance,
> > > > Steve
> > > >
> > > > --
> > > >
> > > > Steve "Wheat" Belt              Motorola, Inc.
> > > > Steve.Belt at motorola.com         6501 William Cannon Dr. West, MD OE341
> > > > 512-895-2268                    Austin, TX 78735
> > > >
> > > >
> > > > _______________________________________________
> > > > openssh-unix-dev mailing list
> > > > openssh-unix-dev at mindrot.org
> > > > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
> > > >
> >
> > --
> >
> > Steve "Wheat" Belt              Motorola, Inc.
> > Steve.Belt at motorola.com         6501 William Cannon Dr. West, MD OE341
> > 512-895-2268                    Austin, TX 78735
> >
> >
> >

--

Steve "Wheat" Belt              Motorola, Inc.
Steve.Belt at motorola.com         6501 William Cannon Dr. West, MD OE341
512-895-2268                    Austin, TX 78735





More information about the openssh-unix-dev mailing list