Error with USE_POSIX_THREADS and OpenSSH-3.8p1

Tue May 4 20:05:15 EST 2004

Hello,

I am using OpenSSH-3.8p1 on HP-UX machine with USE_POSIX_THREADS option.
This is for making the kerberos credentials file to be created in the system
with PAM. In OpenSSH versions 3.5 when authentication is done with pam
kerberos, a /tmp/krb5cc_X_Y file is created on the server side. But the
KRB5CCNAME variable is not set by default. So, after we manually set this
environment variable, the klist command get the keys from this file.

But, in OpenSSH-3.7 and 3.8, this is not working. That is, the
/tmp/krb5cc_X_Y file is not created. That is., in normal build [without
POSIX_THREADS], when the system is authenticated with PAM-Kerberos, the
"/tmp/krb5cc_X_Y" file is not created and the KRB5CCNAME env variable is not
set. So, klist is not working. In order to make this success, based on
mailing list discussions we got that that pam_authenticate() function is
being called in forked process and based on the recommendation in the list,
we enabled USE_POSIX_THREADS and we got the following buffer error on the
server side when ssh connection is attempted. This is not the case with
OpenSSH-3.7.1p2. It works when USE_POSIX_THREADS is enabled.But, 3.8p1
closed with this error in the server side.
------
debug3: pam_password_change_required 0
debug3: PAM: num env strings 0
buffer_get: trying to get more bytes 4 than in buffer 0
debug1: do_cleanup
debug1: PAM: cleanup
debug3: PAM: sshpam_thread_cleanup entering
-------

To fix this, we have done some changes in auth-pam.c and session.c [1].  We
are not sure that this is the exact fix for this though this works for
PAM_Kerberos and PAM_unix with normal mode. But, in trusted mode, with
PAM_UNIX, the password change prompt is being asked for the first login and
it succeedes until the password is changed. Once the password is changed,
the connection hangs at channel read/write. We can see some pty related
error in the server side, and the error we see is
-----
debug1: Allocating pty.
openpty: Bad file number
session_pty_req: session 0 alloc failed
-----

We have attached the debug statements for ssh and sshd [2]. There are some
statements in that those we have added for debugging purpose. This is for
information.

Anybody else tried USE_POSIX_THREADS in OpenSSH-3.8p1 and PAM-unix in
trusted mode.

Any help will be much appreciated.

Attachments:
=========
[1] - sshd_ssh_pam_debug_apr29.txt
[2] - diff_with_use+posix_threads_ssh38.txt

Thanks,
Kumar.

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sshd_ssh_pam_debug_apr29.txt
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20040504/a2b5043c/attachment.txt 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: diff_with_use_posix_threads_ssh38.txt
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20040504/a2b5043c/attachment-0001.txt 