On 02/26/2015 01:15 PM, nat...@nathanpeters.com wrote:
On 02/25/2015 04:37 PM, nat...@nathanpeters.com wrote:
It does not seem to recognize the user in the second attempt but the
first attempt seems to authenticate and then disconnect.
I do not see trace from accounting session but I suspect that your pam
stack does not authorize authenticated user.
Try to allow all authenticated users first. This will prove that it is
a pam stack accounting phase configuration issue.

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

How do I allow all authenticated users?  In the freeIPA domain I have a
rule 'allow_all' that allows any user to connect to any system on any
service.  This is working fine for linux clients.

I assume you mean to do it on the Solaris machine?  I don't have any
users specifically blocked, ie, there is nothing in my sshd_config file
that is limiting the users and groups that can login.  Eg, I've got no
'AllowUsers' lines or anything like that.  I've even got PermitRootLogin
set to yes and have tested that root can login.




other account    required     pam_permit.so

and comment other pam modules in the section:

# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other   account requisite       pam_roles.so.1 debug
other   account required        pam_unix_account.so.1 debug
#other   account sufficient      pam_ldap.so.1
other   account required        pam_krb5.so.1 debug


--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.


pam_permit does not exist in Solaris 10 so I cannot use that to test.  The
only way I could break down where the error is happening is to restore to
a completely default pam.conf and add the krb5.so entries 1 at a time.

The first entry was added fine in the login section although I noted that
the 'try_first_pass' option also does not exist in Solaris, so not sure
why the guide for Solaris is saying to use that:
login   auth sufficient         pam_krb5.so.1

The following entry is what broke the system:
other   auth sufficient         pam_krb5.so.1

I placed it in the same place as in the guide (under unix_cred and before
unix_auth).  So we know it's the auth that's failing, not the account?

Here is how it broke: root can no longer log in through ssh.

I compared the log entries for logins before and after the auth change and
they are identical up to about line 127.

I noticed that the login that failed threw a strange krb5
pam_no_module_data error before disconnecting the ssh client.

Here are the 2 logs for reference:

unsuccessful root login
-----------------------
Feb 26 17:51:57 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[494]: [ID
872586 auth.debug] PAM[494]: pam_authenticate(812bf10, 1):
/usr/lib/security/pam_authtok_get.so.1 returned Ignore module
Feb 26 17:51:57 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[494]: [ID
455340 auth.debug] PAM[494]: pam_get_item(812bf10:user)=root
Feb 26 17:51:57 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[494]: [ID
455340 auth.debug] PAM[494]: pam_get_item(812bf10:authtok)=********
Feb 26 17:51:57 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[494]: [ID
455340 auth.debug] PAM[494]: pam_get_item(812bf10:repository)=NULL
Feb 26 17:51:57 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[494]: [ID
872586 auth.debug] PAM[494]: pam_authenticate(812bf10, 1):
/usr/lib/security/pam_dhkeys.so.1 returned Ignore module
Feb 26 17:51:57 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[494]: [ID
872586 auth.debug] PAM[494]: pam_authenticate(812bf10, 1):
/usr/lib/security/pam_unix_cred.so.1 returned Ignore module
Feb 26 17:51:57 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[494]: [ID
455340 auth.debug] PAM[494]: pam_get_item(812bf10:user)=root
Feb 26 17:51:57 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[494]: [ID
395087 auth.debug] PAM[494]:
pam_get_data(812bf10:SUNW-KRB5-AUTH-DATA)=PAM_NO_MODULE_DATA
Feb 26 17:51:57 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[494]: [ID
140038 auth.debug] PAM[494]:
pam_set_data(812bf10:SUNW-KRB5-AUTH-DATA:2)=812cc20
Feb 26 17:51:57 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[494]: [ID
455340 auth.debug] PAM[494]: pam_get_item(812bf10:repository)=NULL
Feb 26 17:51:57 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[494]: [ID
455340 auth.debug] PAM[494]: pam_get_item(812bf10:authtok)=********


successful root login
---------------------
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
806026 auth.debug] PAM[482]: pam_authenticate(812e218, 1):
/usr/lib/security/pam_authtok_get.so.1 returned Ignore module
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
390833 auth.debug] PAM[482]: pam_get_item(812e218:user)=root
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
390833 auth.debug] PAM[482]: pam_get_item(812e218:authtok)=********
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
390833 auth.debug] PAM[482]: pam_get_item(812e218:repository)=NULL
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
806026 auth.debug] PAM[482]: pam_authenticate(812e218, 1):
/usr/lib/security/pam_dhkeys.so.1 returned Ignore module
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
806026 auth.debug] PAM[482]: pam_authenticate(812e218, 1):
/usr/lib/security/pam_unix_cred.so.1 returned Ignore module
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
390833 auth.debug] PAM[482]: pam_get_item(812e218:user)=root
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
390833 auth.debug] PAM[482]: pam_get_item(812e218:authtok)=********
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
390833 auth.debug] PAM[482]: pam_get_item(812e218:repository)=NULL
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
806026 auth.debug] PAM[482]: pam_authenticate(812e218, 1):
/usr/lib/security/pam_unix_auth.so.1 returned Success
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
361950 auth.debug] PAM[482]: pam_authenticate(812e218, 1): final: Success
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
800047 auth.debug] debug1: do_pam_account: called
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
690203 auth.debug] PAM[482]: pam_acct_mgmt(812e218, 0)
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
130549 auth.debug] PAM[482]: load_modules(812e218,
pam_sm_acct_mgmt)=/usr/lib/security/pam_roles.so.1
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
149591 auth.debug] PAM[482]: load_function: successful load of
pam_sm_acct_mgmt
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
130549 auth.debug] PAM[482]: load_modules(812e218,
pam_sm_acct_mgmt)=/usr/lib/security/pam_unix_account.so.1
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
149591 auth.debug] PAM[482]: load_function: successful load of
pam_sm_acct_mgmt
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
390833 auth.debug] PAM[482]: pam_get_item(812e218:user)=root
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
390833 auth.debug] PAM[482]: pam_get_item(812e218:auser)=NULL
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
390833 auth.debug] PAM[482]: pam_get_item(812e218:ruser)=NULL
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
390833 auth.debug] PAM[482]: pam_get_item(812e218:rhost)=10.5.5.57
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
806026 auth.debug] PAM[482]: pam_acct_mgmt(812e218, 0):
/usr/lib/security/pam_roles.so.1 returned Ignore module
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
390833 auth.debug] PAM[482]: pam_get_item(812e218:user)=root
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
390833 auth.debug] PAM[482]: pam_get_item(812e218:repository)=NULL
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
330580 auth.debug] PAM[482]:
pam_get_data(812e218:SUNW-UNIX-AUTHTOK-DATA)=PAM_NO_MODULE_DATA
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
710061 auth.debug] PAM[482]:
pam_set_data(812e218:SUNW-UNIX-AUTHTOK-DATA:2)=812e880
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
806026 auth.debug] PAM[482]: pam_acct_mgmt(812e218, 0):
/usr/lib/security/pam_unix_account.so.1 returned Success
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
361950 auth.debug] PAM[482]: pam_acct_mgmt(812e218, 0): final: Success
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[482]: [ID
804632 auth.debug] PAM[482]: pam_getenvlist(812e218)
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
800047 auth.debug] debug1: PAM: num PAM env strings 0
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
800047 auth.info] Postponed keyboard-interactive/pam for root from
10.5.5.57 port 53885 ssh2 [preauth]
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
800047 auth.debug] debug1: do_pam_account: called
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
800047 auth.info] Accepted keyboard-interactive/pam for root from
10.5.5.57 port 53885 ssh2
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
800047 auth.debug] debug1: monitor_child_preauth: root has been
authenticated by privileged process
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
800047 auth.debug] debug1: monitor_read_log: child log fd closed
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
415390 auth.debug] PAM[480]: pam_set_item(812e218:conv)=8086ff8
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
800047 auth.debug] debug1: PAM: establishing credentials
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
690202 auth.debug] PAM[480]: pam_setcred(812e218, 1)
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
259530 auth.debug] PAM[480]: load_modules(812e218,
pam_sm_setcred)=/usr/lib/security/pam_authtok_get.so.1
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
985081 auth.debug] PAM[480]: load_function: successful load of
pam_sm_setcred
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
259530 auth.debug] PAM[480]: load_modules(812e218,
pam_sm_setcred)=/usr/lib/security/pam_dhkeys.so.1
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
985081 auth.debug] PAM[480]: load_function: successful load of
pam_sm_setcred
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
259530 auth.debug] PAM[480]: load_modules(812e218,
pam_sm_setcred)=/usr/lib/security/pam_unix_cred.so.1
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
985081 auth.debug] PAM[480]: load_function: successful load of
pam_sm_setcred
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
259530 auth.debug] PAM[480]: load_modules(812e218,
pam_sm_setcred)=/usr/lib/security/pam_unix_auth.so.1
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
985081 auth.debug] PAM[480]: load_function: successful load of
pam_sm_setcred
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
740490 auth.debug] PAM[480]: pam_setcred(812e218, 1):
/usr/lib/security/pam_authtok_get.so.1 returned Ignore module
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
390817 auth.debug] PAM[480]: pam_get_item(812e218:user)=root
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
390817 auth.debug] PAM[480]: pam_get_item(812e218:authtok)=NULL
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
740490 auth.debug] PAM[480]: pam_setcred(812e218, 1):
/usr/lib/security/pam_dhkeys.so.1 returned Ignore module
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
390817 auth.debug] PAM[480]: pam_get_item(812e218:user)=root
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
390817 auth.debug] PAM[480]: pam_get_item(812e218:auser)=NULL
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
390817 auth.debug] PAM[480]: pam_get_item(812e218:rhost)=10.5.5.57
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
390817 auth.debug] PAM[480]: pam_get_item(812e218:tty)=ssh
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
390817 auth.debug] PAM[480]: pam_get_item(812e218:resource)=NULL
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
740490 auth.debug] PAM[480]: pam_setcred(812e218, 1):
/usr/lib/security/pam_unix_cred.so.1 returned Success
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
740490 auth.debug] PAM[480]: pam_setcred(812e218, 1):
/usr/lib/security/pam_unix_auth.so.1 returned Ignore module
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
361438 auth.debug] PAM[480]: pam_setcred(812e218, 1): final: Success
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
415390 auth.debug] PAM[480]: pam_set_item(812e218:conv)=8086ff8
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
690202 auth.debug] PAM[480]: pam_open_session(812e218, 0)
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
259530 auth.debug] PAM[480]: load_modules(812e218,
pam_sm_open_session)=/usr/lib/security/pam_unix_session.so.1
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
985081 auth.debug] PAM[480]: load_function: successful load of
pam_sm_open_session
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
390817 auth.debug] PAM[480]: pam_get_item(812e218:tty)=ssh
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
390817 auth.debug] PAM[480]: pam_get_item(812e218:user)=root
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
390817 auth.debug] PAM[480]: pam_get_item(812e218:rhost)=10.5.5.57
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
740490 auth.debug] PAM[480]: pam_open_session(812e218, 0):
/usr/lib/security/pam_unix_session.so.1 returned Success
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
361438 auth.debug] PAM[480]: pam_open_session(812e218, 0): final: Success
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
800047 auth.debug] debug1: Entering interactive session for SSH2.
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
800047 auth.debug] debug1: server_init_dispatch_20
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
800047 auth.debug] debug1: server_input_channel_open: ctype session rchan
256 win 16384 max 16384
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
800047 auth.debug] debug1: input_session_request
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
800047 auth.debug] debug1: channel 0: new [server-session]
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
800047 auth.debug] debug1: session_new: session 0
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
800047 auth.debug] debug1: session_open: channel 0
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
800047 auth.debug] debug1: session_open: session 0: link with channel 0
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
800047 auth.debug] debug1: server_input_channel_open: confirm session
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
800047 auth.debug] debug1: server_input_channel_req: channel 0 request
pty-req reply 1
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
800047 auth.debug] debug1: session_by_channel: session 0 channel 0
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
800047 auth.debug] debug1: session_input_channel_req: session 0 req
pty-req
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
800047 auth.debug] debug1: Allocating pty.
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
800047 auth.debug] debug1: session_pty_req: session 0 alloc /dev/pts/2
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
800047 auth.debug] debug1: server_input_channel_req: channel 0 request
shell reply 1
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
800047 auth.debug] debug1: session_by_channel: session 0 channel 0
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
800047 auth.debug] debug1: session_input_channel_req: session 0 req shell
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[480]: [ID
800047 auth.info] Starting session: shell on pts/2 for root from 10.5.5.57
port 53885
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[484]: [ID
415422 auth.debug] PAM[484]: pam_set_item(812e218:conv)=8086ff8
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[484]: [ID
800047 auth.debug] debug1: PAM: reinitializing credentials
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[484]: [ID
690204 auth.debug] PAM[484]: pam_setcred(812e218, 4)
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[484]: [ID
259531 auth.debug] PAM[484]: load_modules(812e218,
pam_sm_setcred)=/usr/lib/security/pam_authtok_get.so.1
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[484]: [ID
871562 auth.debug] PAM[484]: pam_setcred(812e218, 4):
/usr/lib/security/pam_authtok_get.so.1 returned Ignore module
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[484]: [ID
871562 auth.debug] PAM[484]: pam_setcred(812e218, 4):
/usr/lib/security/pam_dhkeys.so.1 returned Ignore module
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[484]: [ID
390849 auth.debug] PAM[484]: pam_get_item(812e218:user)=root
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[484]: [ID
390849 auth.debug] PAM[484]: pam_get_item(812e218:auser)=NULL
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[484]: [ID
390849 auth.debug] PAM[484]: pam_get_item(812e218:rhost)=10.5.5.57
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[484]: [ID
390849 auth.debug] PAM[484]: pam_get_item(812e218:tty)=ssh
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[484]: [ID
390849 auth.debug] PAM[484]: pam_get_item(812e218:resource)=NULL
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[484]: [ID
871562 auth.debug] PAM[484]: pam_setcred(812e218, 4):
/usr/lib/security/pam_unix_cred.so.1 returned Success
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[484]: [ID
871562 auth.debug] PAM[484]: pam_setcred(812e218, 4):
/usr/lib/security/pam_unix_auth.so.1 returned Ignore module
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[484]: [ID
362462 auth.debug] PAM[484]: pam_setcred(812e218, 4): final: Success
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[484]: [ID
800047 auth.debug] debug1: permanently_set_uid: 0/0
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[484]: [ID
482209 auth.debug] PAM[484]: pam_getenvlist(812e218)
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[414]: [ID
800047 auth.debug] debug1: server_input_channel_req: channel 0 request
win...@putty.projects.tartarus.org reply 1
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[414]: [ID
800047 auth.debug] debug1: session_by_channel: session 0 channel 0
Feb 26 17:45:37 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[414]: [ID
800047 auth.debug] debug1: session_input_channel_req: session 0 req
win...@putty.projects.tartarus.org
Feb 26 17:45:41 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[414]: [ID
800047 auth.debug] debug1: server_input_channel_req: channel 0 request
window-change reply 0
Feb 26 17:45:41 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[414]: [ID
800047 auth.debug] debug1: session_by_channel: session 0 channel 0
Feb 26 17:45:41 ipaclient5-sandbox-atdev-van.ipadomain.net sshd[414]: [ID
800047 auth.debug] debug1: session_input_channel_req: session 0 req
window-change


root is not an ipa managed user so it is purely your pam configuration.
I thought we were trying to figure out why your ipa users are not handled properly.


--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
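
The before/after log comparison described in this thread can be done mechanically. The following is an added example, not part of the original messages: it normalizes Solaris PAM debug lines (the per-session handle address and stored pointers differ between logins) and reports the first event where two traces diverge. The function names are hypothetical, and the sample lines are excerpts of the two logs above with the e-mail wrapping rejoined and the timestamp/host prefix dropped.

```python
import re

# Constructed input: excerpts of the thread's two traces, rejoined onto one line each.
FAILED = """\
sshd[494]: [ID 872586 auth.debug] PAM[494]: pam_authenticate(812bf10, 1): /usr/lib/security/pam_unix_cred.so.1 returned Ignore module
sshd[494]: [ID 455340 auth.debug] PAM[494]: pam_get_item(812bf10:user)=root
sshd[494]: [ID 395087 auth.debug] PAM[494]: pam_get_data(812bf10:SUNW-KRB5-AUTH-DATA)=PAM_NO_MODULE_DATA
sshd[494]: [ID 140038 auth.debug] PAM[494]: pam_set_data(812bf10:SUNW-KRB5-AUTH-DATA:2)=812cc20
sshd[494]: [ID 455340 auth.debug] PAM[494]: pam_get_item(812bf10:repository)=NULL
sshd[494]: [ID 455340 auth.debug] PAM[494]: pam_get_item(812bf10:authtok)=********
"""
SUCCESS = """\
sshd[482]: [ID 806026 auth.debug] PAM[482]: pam_authenticate(812e218, 1): /usr/lib/security/pam_unix_cred.so.1 returned Ignore module
sshd[482]: [ID 390833 auth.debug] PAM[482]: pam_get_item(812e218:user)=root
sshd[482]: [ID 390833 auth.debug] PAM[482]: pam_get_item(812e218:authtok)=********
sshd[482]: [ID 390833 auth.debug] PAM[482]: pam_get_item(812e218:repository)=NULL
sshd[482]: [ID 806026 auth.debug] PAM[482]: pam_authenticate(812e218, 1): /usr/lib/security/pam_unix_auth.so.1 returned Success
sshd[482]: [ID 361950 auth.debug] PAM[482]: pam_authenticate(812e218, 1): final: Success
"""

PAM_EVENT = re.compile(r"PAM\[\d+\]: (.*)$")
HANDLE = re.compile(r"\(([0-9a-f]+)([,:)])")   # pam handle address, differs per session
POINTER = re.compile(r"=[0-9a-f]{6,}$")        # pam_set_data/pam_set_item store addresses
RESULT = re.compile(r"^(pam_\w+)\(H[^)]*\): (?:(\S+) returned (.+)|final: (.+))$")

def events(trace):
    """Return the PAM framework events of a trace with session-specific values masked."""
    out = []
    for line in trace.splitlines():
        m = PAM_EVENT.search(line)
        if not m:
            continue  # sshd's own debug1 lines are not PAM framework events
        ev = HANDLE.sub(r"(H\2", m.group(1), count=1)
        if ev.startswith("pam_set_"):
            ev = POINTER.sub("=PTR", ev)
        out.append(ev)
    return out

def first_divergence(trace_a, trace_b):
    """Index and the two normalized events where the traces first differ, or None."""
    a, b = events(trace_a), events(trace_b)
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i, x, y
    if len(a) != len(b):
        i = min(len(a), len(b))
        return i, (a[i] if i < len(a) else None), (b[i] if i < len(b) else None)
    return None

def verdicts(trace):
    """(pam function, module or 'final', result) for every verdict line, in log order."""
    out = []
    for ev in events(trace):
        m = RESULT.match(ev)
        if m:
            func, module, result, final = m.groups()
            name = module.rsplit("/", 1)[-1] if module else "final"
            out.append((func, name, result or final))
    return out

if __name__ == "__main__":
    print(first_divergence(FAILED, SUCCESS))
    print(verdicts(FAILED))
    print(verdicts(SUCCESS))
```

On these excerpts the traces diverge at the SUNW-KRB5-AUTH-DATA lookup, and the failed excerpt contains no "final:" verdict for pam_authenticate. The successful log above also shows a PAM_NO_MODULE_DATA lookup (for SUNW-UNIX-AUTHTOK-DATA) followed by a pam_set_data, so that line on its own is not an error indicator.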
