OpenSSH public key problem with Solaris 10 and LDAP users?

Alexander Skwar listen at alexander.skwar.name
Thu Aug 16 16:51:53 EST 2007


Darren Tucker <dtucker at zip.com.au> wrote:

> Peter Stuge wrote:
>> I recall there being a PAM test harness
>> which mimics what OpenSSH does - but I don't remember if it's
>> included in the distribution or available separately?
> 
> http://www.zip.com.au/~dtucker/patches/#pamtest
> 
> The "-a" option skips the pam_authenticate call which simulates what
> happens during a public-key authentication.

Hm. No difference between non-working and working user:

,----[ working user ]
| --($:~/Source/pamtest)-- ./pam-test-harness -a -u askwar
| $Id: pam-test-harness.c,v 1.30 2005/09/28 23:38:31 dtucker Exp $
| conversation struct {conv=0x112c8, appdata_ptr=0x23174}
| pam_start(login, askwar, &conv, &pamh) = 0 (Success)
| pam_get_item(pamh, PAM_SERVICE, ...) = 0 (Success)
|     PAM_SERVICE = login (unchanged)
| pam_set_item(pamh, PAM_TTY, "/dev/pts/17") = 0 (Success)
| pam_set_item(pamh, PAM_RHOST, "winds06") = 0 (Success)
| pam_set_item(pamh, PAM_RUSER, "askwar") = 0 (Success)
| pam_acct_mgmt(pamh, 0x0) = 9 (Authentication failed)
| pam_end(pamh, 0) = 0 (Success)
`----

,----[ non-working user ]
| --($:~/Source/pamtest)-- ./pam-test-harness -a -u testing
| $Id: pam-test-harness.c,v 1.30 2005/09/28 23:38:31 dtucker Exp $
| conversation struct {conv=0x112c8, appdata_ptr=0x23174}
| pam_start(login, testing, &conv, &pamh) = 0 (Success)
| pam_get_item(pamh, PAM_SERVICE, ...) = 0 (Success)
|     PAM_SERVICE = login (unchanged)
| pam_set_item(pamh, PAM_TTY, "/dev/pts/17") = 0 (Success)
| pam_set_item(pamh, PAM_RHOST, "winds06") = 0 (Success)
| pam_set_item(pamh, PAM_RUSER, "askwar") = 0 (Success)
| pam_acct_mgmt(pamh, 0x0) = 9 (Authentication failed)
| pam_end(pamh, 0) = 0 (Success)
`----

Both times, I get an "Authentication failed" message. Or am I using
the tool wrong?

Alexander Skwar



More information about the openssh-unix-dev mailing list