Conflict between LDAP and Privilege Separation?
Tim Rice
tim at multitalents.net
Tue Aug 30 04:28:39 EST 2005
On Mon, 29 Aug 2005, Lets Go Canes wrote:
> Hi all.
>
> OpenSSH_4.1p1, OpenSSL 0.9.7g 11 Apr 2005 on Solaris 8 using host-based
> authentication.
>
> With "PrivilegeSeparation yes" and "UsePAM no" everything works as
> desired. If I enable PAM, I am able to connect, but just before it
> gives me a shell, it disconnects. If I leave PAM enabled and disable
> PrivilegeSeparation, it works.
>
> Is this a current limitation, or is there something I can try?
Must be a local problem.
I'm not seeing any problem here with host-based auth.
I tried both local account and LDAP account.
....
tim at sun1 1% id
uid=31(tim) gid=85(trr)
tim at sun1 2% grep ":31:" /etc/passwd
tim at sun1 3% grep UsePAM /etc/ssh/sshd_config
UsePAM yes
tim at sun1 4% uname -r
5.8
tim at sun1 5% ssh -V
OpenSSH_4.1p1, OpenSSL 0.9.7g 11 Apr 2005
tim at sun1 6% ps -fu tim
UID PID PPID C STIME TTY TIME CMD
tim 504 502 0 11:20:02 ? 0:00 /opt/mt/openssh/sbin/sshd -R
tim 506 504 0 11:20:02 pts/3 0:00 -csh
tim at sun1 7% grep PrivilegeSeparation /etc/ssh/sshd_config
#UsePrivilegeSeparation yes
....
Try running sshd -ddd and see if the debug output sheds any light.
>
> --------------
> Lets Go Canes!
>
Tim Rice Multitalents (707) 887-1469
tim at multitalents.net
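
Added example, not part of the message above or of OpenSSH itself: a grep on sshd_config also matches commented-out lines such as "#UsePrivilegeSeparation yes", so the sketch below reports the value sshd would act on instead. The function names, the sample file, and the defaults passed in (UsePAM no, UsePrivilegeSeparation yes) are assumptions for illustration.

```shell
#!/bin/sh
# effective_value FILE KEYWORD DEFAULT
# Prints the first uncommented value for KEYWORD (keywords are
# case-insensitive and the first occurrence wins), or DEFAULT when the
# keyword is absent or only present in a comment.
effective_value() {
    awk -v kw="$2" -v def="$3" '
        BEGIN { kw = tolower(kw) }
        /^[ \t]*#/ { next }    # commented-out line: not in effect
        /^[ \t]*$/ { next }    # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)
            if (n >= 2 && tolower(f[1]) == kw) { print f[2]; found = 1; exit }
        }
        END { if (!found) print def }
    ' "$1"
}

# Constructed sample config (hypothetical helper) that mirrors the grep
# output in the message and adds a later duplicate that must be ignored.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample, not a real host's configuration
UsePAM yes
#UsePrivilegeSeparation yes
usepam no
EOF
}

# Stand-alone demo; the defaults given here are assumptions.
demo_cfg=$(mktemp)
write_sample_config "$demo_cfg"
echo "UsePAM: $(effective_value "$demo_cfg" UsePAM no)"
echo "UsePrivilegeSeparation: $(effective_value "$demo_cfg" UsePrivilegeSeparation yes)"
rm -f "$demo_cfg"
```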