[Bug 926] pam_session_close called as user or not at all
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Sat Apr 12 22:11:02 EST 2008
https://bugzilla.mindrot.org/show_bug.cgi?id=926
--- Comment #35 from Jan Engelhardt <jengelh at gmx.de> 2008-04-12 22:10:57 ---
(from bug #926)
>> Modules do not seem to be able to do converse (in 5.0p1). pam_mount for
>> example is affected by this (ideally it would just grab the authtoken
>> from the auth stage but sadly enough openssh destroys the pam context
>> and instead starts a new one for session stage).
>
>That's a separate issue (see bug #688), however I think it only applies
>for challenge-response type authentications.
>
>You can probably work around it by disabling
>ChallengeResponseAuthentication in sshd_config or using password
>authentication (as opposed to keyboard-interactive, with an OpenSSH
>client that's "ssh -o preferredauthentications=password server").
Unfortunately, that does not do it either. CRA is set to no,
PasswordAuthentication set to yes, no pubkey in ~/.ssh. According to
sshd -ddd, it's still conversation error.
pam_mount(pam_mount.c:518) error trying to retrieve authtok from auth
code
pam_mount(pam_mount.c:208) enter read_password
debug3: PAM: sshpam_store_conv called with 1 messages
pam_mount(pam_mount.c:176) conv->conv(...): Conversation error
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching someone on the CC list of the bug.
You are watching the reporter.
More information about the openssh-bugs
mailing list