LinuxPAM woes on the 3.6 series of openssh portable - strange behaviour
Nick Lange
nicklange at wi.rr.com
Wed Dec 3 16:24:15 EST 2003
All,
I hate to ask what's going to boil down to a configuration issue (I think)... and before I start pouring through the
code I'm hoping someone can just point out what's going on.
Essentially, on a particular "flavor" of our redhat linux 8 boxes PAM always seems to be called/fail before any real
authentication takes place. On other boxes, this is not the case. Normally this would not be a problem; however, in a
three-failed-passwords and you are locked out environment, this renders public key's almost useless. (Three successfull
authentications via public key will register three failed authentication attempts). I am not convinced that it is sshd a
priori, but I do need to resolve the issue. Can anyone familiar with this section of code offer any suggestions what
could cause openssh to invoke PAM at this point before the user has even attempted to enter a password?
see below for example output. I have on other box in the three-strikes-and-your-out environment(pam_smbauth) where this
is not a problem; however, it's configuration is different then the afflicted boxes. As I said this is apparently
strange behaviour and I'm not quite sure what I'm looking for yet without pouring through the code.
Any assistance is appreciated, on or off the list.
Cheers,
nick
debug3: mm_auth_password entering
debug3: mm_request_send entering: type 10
debug3: monitor_read: checking request 10
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 11
debug3: mm_request_receive entering
debug1: PAM password authentication failed for e341518: Authentication failure
debug3: mm_answer_authpassword: sending result 0
debug3: mm_request_send entering: type 11
Failed none for e341518 from XXX.XXX.XXX.XXX port 44847 ssh2
debug3: mm_request_receive entering
debug3: mm_auth_password: user not authenticated
Failed none for e341518 from XXX.XXX.XXX.XXX port 44847 ssh2
More information about the openssh-unix-dev
mailing list