Conflict between LDAP and Privilege Separation?
Lets Go Canes
letsgonhlcanes at yahoo.com
Thu Sep 1 06:45:30 EST 2005
--- Tim Rice <tim at multitalents.net> wrote:
> None of those (missing) modules are even listed in your pam.conf
>
> Did you build your own PAM stack that uses a different configuration
> file?
No. I have done nothing with PAM, except build and configure OpenSSH
to utilize it.
> Try running truss(1) on sshd and see what config file it opens.
I downloaded today's snapshot and built it to see if it improved
things. It didn't change the behavior, but I no longer get the
shared-library errors. I do, however, still get the following in
/var/adm/messages on each "drop":
Aug 31 16:20:53 ssh-host sshd[28145]: [ID 800047 auth.error] error:
PAM: pam_open_session(): Can not make/remove entry for session
I'm still going through the truss output - I'll let you know if I find
anything that looks relevant.
And as with the prior release of OpenSSH, if I disable
PrivilegeSeparation, everything works (which would seem to suggest
that PAM is configured correctly).
I just did a lot of searching on bugzilla, and what I am seeing
*might* be related to http://bugzilla.mindrot.org/show_bug.cgi?id=926;
it isn't clear to me as I don't really know PAM.
--------------
Lets Go Canes!
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the openssh-unix-dev
mailing list