[Bug 1165] 'groups' command fails on AIX when logged in as root user via SSH.

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Mar 1 23:08:56 EST 2006


http://bugzilla.mindrot.org/show_bug.cgi?id=1165





------- Comment #5 from dtucker at zip.com.au  2006-03-01 23:08 -------
(In reply to comment #4)
> # oslevel -r
> 4330-01

OK, well AIX 4.3.3 has been unsupported by IBM since (from memory) the start of
last year.  And the last AIX ML was 11.  So your platform is seriously
unsupported.

> LibPAM  version is 0.78

That looks like a LinuxPAM version.  So all up you have an EOLed OS version
with a very old maintenance level and an unsupported third-party PAM library.

> So you are indicating that this is expected behaviour/design intent of AIX and
> SSH put together.

No, there's no intent at all.  What you have is completely unsupported; if it
works for you then great, otherwise I am afraid you are on your own.

> Is there a way forward ?

Your options seem to be:
a) build without PAM, assuming that works as expected.  (It does on AIX 5.1
here.)  If the problem persists without PAM then we may be able to help you.

b) assuming the problem is within the PAM library, try to figure out how to fix
it.  From a quick grep of LinuxPAM source of that vintage, the most likely
candidate is pam_group.c, although this might be different if you have
different modules.

If you add a call to getgroups to the end of my pam test harness [1] (adding
"system("groups");" ought to do) and running the result as root will prove
whether or not your PAM stack is at fault).  If this exhibits the same problem
then the provider of the PAM stack may be able to help.

c) By coincidence, I also have an old patch[2] for LinuxPAM that might or might
not be the underlying cause but if not then I'm afraid we can't help you.

[1] http://www.zip.com.au/~dtucker/patches/#pamtest
[2]
http://www.zip.com.au/~dtucker/patches/linux-pam-0.77-pam_group_noreset.patch




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list