On Sun, 6 Nov 2016, Olaf Marzocchi wrote:
; Hi Andy,
; thanks for the help, especially on Sunday!
;
; I blindly followed the instructions provided on
; https://omnios.omniti.com/wiki.php/Upgrade_to_r151020 but yes, the
; recommendation of s/sshd-kbdint/sshd/ was (at least in my case) wrong and by
; reverting to sshd-kbdint I got the 2FA back.
That's strange because the advice in the wiki came from me originally!
I definitely needed to update my pam.conf when I first switched to
OpenSSH...
reaper# (38) pkg history -l | ggrep -B5 -A5 openssh | head -7
New Boot Env. UUID: (None)
Snapshot: (None)
Start Time: 2015-11-20T12:58:24
End Time: 2015-11-20T12:58:43
Total Time: 0:00:19
Command: /usr/bin/pkg install --no-backup-be --reject pkg:/network/ss
h --reject pkg:/network/ssh/ssh-key --reject pkg:/service/network/ssh pkg:/netwo
rk/openssh pkg:/network/openssh-server
Release Notes: No
That was in November 2015 but there's a patch at
https://github.com/omniti-labs/omnios-build/blob/master/build/openssh/patches/0011-PAM-enhancements-for-Solaris.patch
which looks like it changes the pam service back to sshd-kbdint (assuming
default options in sshd_config). That was commited in March 2016 so it seems
that the pam.conf update is no longer required.
Regards,
Andy
--
Citrus IT Limited | +44 (0)870 199 8000 | enquir...@citrus-it.co.uk
Rock House Farm | Green Moor | Wortley | Sheffield | S35 7DQ
Registered in England and Wales | Company number 4899123
_______________________________________________
OmniOS-discuss mailing list
OmniOS-discuss@lists.omniti.com
http://lists.omniti.com/mailman/listinfo/omnios-discuss
