Marc Lehmann <[email protected]> writes:

> What luck that I found out how to reproduce it a while later: remove the
> /etc/shadow entry for the user, and you get connection closed but no log
> messages whatsoever.

I think that's just because pam_unix doesn't log anything in this case. I've run into that before.

> strace shows that sshd tried to open /dev/log, but gets ENOENT, which
> makes sense in the context.

I'm pretty sure this is a red herring, since the account portion of the pam_krb5 module (which is where this is checked in pam_unix) is able to log to syslog even with PrivilegeSeparation turned on.

Oct 6 19:43:32 windlord sshd[19307]: pam_krb5(sshd:auth): user eagle authenticated as [email protected]
Oct 6 19:43:32 windlord sshd[19307]: pam_krb5(sshd:account): pam_sm_acct_mgmt: entry (0x0)
Oct 6 19:43:32 windlord sshd[19307]: pam_krb5(sshd:account): (user eagle) retrieving principal from cache
Oct 6 19:43:32 windlord sshd[19307]: pam_krb5(sshd:account): pam_sm_acct_mgmt: exit (success)
Oct 6 19:43:32 windlord sshd[19307]: Accepted password for eagle from 171.67.225.134 port 45240 ssh2
Oct 6 19:43:32 windlord sshd[19307]: pam_unix(sshd:session): session opened for user eagle by (uid=0)

--
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
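An added example, not part of the original message or of any project mentioned in it: a consistency check for the condition reported above, listing accounts whose /etc/passwd entry defers to /etc/shadow (password field `x`) but that have no shadow line. The function names and the sample file contents are constructed for this example.

```python
# Constructed sample data; on a real host, pass in the contents of
# /etc/passwd and /etc/shadow (reading the latter requires root).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
legacy:*:1002:1002::/home/legacy:/bin/false
# local comment line
+::::::
"""

SAMPLE_SHADOW = """\
root:*:19000:0:99999:7:::
alice:$6$constructed$notarealhash:19000:0:99999:7:::
"""


def parse_entries(text):
    """Yield colon-split fields for each entry line of passwd-style text."""
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and NIS compat lines (+name / -name).
        if not line or line[0] in "#+-":
            continue
        yield line.split(":")


def accounts_missing_shadow(passwd_text, shadow_text):
    """Return sorted account names that point at shadow but have no entry there."""
    shadowed = {fields[0] for fields in parse_entries(shadow_text)}
    missing = []
    for fields in parse_entries(passwd_text):
        if len(fields) < 7:
            continue  # malformed passwd line, not a usable account
        name, password_field = fields[0], fields[1]
        # "x" means the hash is expected in the shadow file.
        if password_field == "x" and name not in shadowed:
            missing.append(name)
    return sorted(missing)


if __name__ == "__main__":
    for name in accounts_missing_shadow(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{name}: passwd entry defers to shadow, but no shadow entry exists")
```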

