OpenSSH public key problem with Solaris 10
Darren Tucker
dtucker at zip.com.au
Sat Jul 1 00:34:53 EST 2006
On Fri, Jun 30, 2006 at 07:04:20AM -0700, Erich Weiler wrote:
> Hi ya'll-
>
> I've got this odd openssh problem with Solaris 10 I was hoping someone
> could shed some light on. Not sure if it is a bug... Basically I'm
> trying to use pubkeys as an auth method, but am having issues. I can
> log in using passwords no problem, but as soon as it notices a matching
> public key it closes the connection. I ran the sshd server (on Solaris
> 10 box) in debug mode and got this output when I tried to log in:
[...]
> Found matching RSA key: 4d:c0:33:3b:dd:75:89:bb:d1:36:e7:17:2b:85:34:9c
> debug1: restore_uid: 0/0
> debug1: ssh_rsa_verify: signature correct
> debug1: do_pam_account: called
> Access denied for user weiler by PAM account configuration
[...]
What's happening is that sshd is successfully authenticating via
public-key.
It then tries to check the account status via PAM which fails, because you
have Kerberos modules in your PAM config but public-key authentication
does not provide the Kerberos credentials required for the module to
perform those checks, and thus it fails.
If you don't use Kerberos then you can comment out the Kerberos account
(and probably session) modules. (You might want to create a "sshd"
service in the PAM config specifically for it.) If you do use Kerberos
then I'm not sure what your options are.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list