Re: [OpenAFS] Solaris 9 official sshd patch breaks pam_afs functioning

Tue, 12 Sep 2006 07:40:14 -0700 

Yup.

adm : noodle # strings /usr/lib/ssh/sshd | grep sshd-kbdint
sshd-kbdint
adm : noodle #

Adding lines in /etc/pam.conf for sshd-kbdint solved the
problem.

Thanks!

Douglas E. Engert wrote:



Jeff Blaine wrote:


Has anyone solved this? :(  I'm using OpenAFS 1.4.1.

Patch 113273-11 (sshd SPARC) has killed off token-getting via
pam_afs.so.1



We are using OpenSSH on Solaris 9, but Sun's sshd on Solaris 10.

Did Sun change the pam service names for sshd to do what they did in
Solaris 10? So sshd is looking for sshd-kbdint, but its not in your pam.conf 
so it is using other?

You could do a strings on thr sshd to look for sshd-kdbint



I'm syslogging *.debug to /var/adm/debug.log and all I get is
the following (even with 'debug' as an option to pam_afs.so.1)
Sep 12 00:11:12 noodle.domain.com sshd[444]: [ID 800047 auth.info] Accepted keyboard-interactive for jblaine from 192.168.168.2 port 3995 ssh2 
---------------------------------------------------------------------
login as: jblaine
Using keyboard-interactive authentication.
Password:
Last login: Mon Sep 11 23:45:06 2006 from 192.168.168.2
Sun Microsystems Inc.   SunOS 5.9       Generic May 2002
jblaine > tokens

Tokens held by the Cache Manager:

   --End of list--
jblaine >
---------------------------------------------------------------------
Running 'sshd -d' shows:

...
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 199/384
debug1: bits set: 1565/3191
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 1617/3191
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user jblaine service ssh-connection method none 
debug1: attempt 0 initial attempt 0 failures 0 initial failures 0
Failed none for jblaine from 192.168.168.2 port 3961 ssh2
debug1: userauth-request for user jblaine service ssh-connection method keyboard-interactive 
debug1: attempt 1 initial attempt 0 failures 1 initial failures 0
debug1: keyboard-interactive devs
debug1: got 1 responses
debug1: PAM conv function returns PAM_SUCCESS
Accepted keyboard-interactive for jblaine from 192.168.168.2 port 3961 ssh2 
debug1: permanently_set_uid: 26560/10
debug1: Entering interactive session for SSH2.
...

_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info





_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Reply via email to