3.8p1 on Solaris 8

David R. Steiner david.r.steiner at Dartmouth.EDU
Thu May 13 06:20:11 EST 2004


Ben,

Actually, I don't think so.

After I sent this, I was talking to a colleague and, after looking at 
the pam.conf file, he suggested that the old version was acting like 
it was using the login stanza which had a different format than 
other. We changed other to match login so it looks like this now:

other   auth requisite          pam_authtok_get.so.1
other   auth sufficient         pam_dhkeys.so.1
other   auth sufficient         pam_unix_auth.so.1
other   auth sufficient         pam_afs.so.1 try_first_pass set_token 
ignore_root  setenv_password_expires

This now works. The only difference we are seeing between 3.6 and 3.8 
is the password prompts are a little different. "user at machine's 
password" for the former vs. simply "password:" for the later.

So, the problem seems to be solved for me but I am left me with 2 questions:

- Was there a change in which stanza of the pam.conf file OpenSSH 
uses between the two versions?

- Was there a change in the way the password prompt is displayed 
between the two versions?

Thanks again.

-David-

At 14:13 -0500 5/12/04, Ben Lindstrom wrote:
>I believe this links in with your issue:
>
>http://bugzilla.mindrot.org/show_bug.cgi?id=688
>
>No intree solution at this moment.
>
>- Ben
>
>On Wed, 12 May 2004, David R. Steiner wrote:
>
>>  Hello,
>>
>>  I am running into some strange (to me) behavior trying to upgrade
>>  from 3.6.1p2 to 3.8p1 on Solaris 8.
>>
>>  All of my machines are running 3.6.1p2 (Linux boxes have had RH
>>  errata applied). When I ssh with my AFS account name from any of them
>>  to the Solaris 8 box running 3.6.1p2, it responds with
>>  "afsuser at machine's password:". Once the password is given, I am
>>  logged in just fine.
>>
>>  When I do the same thing with 3.8.1p2, instead of the password prompt
>>  above, I get "AFS password:". I can authenticate fine but I do not
>>  receive a token.
>>
>>  There is no difference in the pam.conf file for either of these instances.
>>
>>  Anyone offer any suggestions? Have I missed something obvious?
>>
>>  I know that AFS support was dropped in 3.7 (which is why all of my
>>  machines are running 3.6) but since OpenSSH is not compiled with AFS
>>  support on the Solaris boxes and relies on PAM, I am assuming this is
>>  not the issue.
>>
>>  3.8.p1 was configured with:
>>
>>  ./configure --prefix=/usr/ssh --without-zlib-version-check --with-pam
>>  --with-prngd-socket=/var/run/opt/prngd-socket
>>  --with-tcp-wrappers=/usr/local --sysconfdir=/etc/ssh
>>  --with-pid-dir=/var/run --with-ipv4-default
>>  --with-default-path=/usr/bin:/bin:/usr/sbin
>>
>>  The pam.conf file for other looks like this:
>>
>>  other     auth sufficient       pam_afs.so.1 try_first_pass set_token
>>  ignore_root setenv_password_expires
>>  other   auth requisite          pam_authtok_get.so.1
>>  other   auth required           pam_dhkeys.so.1
>>  other   auth required           pam_unix_auth.so.1
>>
>>  TIA.
>>
>  > -David-

-- 
David R. Steiner                               david.r.steiner at dartmouth.edu
UNIX System Manager                            Phone:  603.646.3127
Dartmouth College                              Fax:     603.646.1041




More information about the openssh-unix-dev mailing list