Hi all,
Problem: Host-based authentication is not working for roles ("user2role" and
"role2role" login).
I have set up host-based authentication between 2 nodes, as:
node1 = server.
node2 = client.
These nodes are installed with the following:
SunOS <node1> 5.10 Generic_137111-02 sun4u sparc SUNW,Sun-Fire-V440.
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL
Host-based authentication is working fine on this setup.
Now I have converted the user "neo" on node1 to a role ("usermod -K type=role
neo"). Now "neo" on node1 has become a role. According to the RBAC concept, roles
don't allow remote/direct login.
But I have come across these links:
http://bugs.opensolaris.org/view_bug.do;jsessionid=bac85b2b6bd564e843af4907bd1?bug_id=6213280
http://opensolaris.org/jive/thread.jspa?threadID=64615&tstart=45
http://docs.sun.com/app/docs/doc/819-2252/pam-roles-5?a=view
Now I have tuned /etc/pam.conf by adding the following:
"sshd-hostbased account requisite pam_roles.so.1 allow_remote debug".
I then assigned the role "neo" to user "test" on node1. Now the contents of
the /etc/user_attr file on node1 are:
neo::::type=role;defaultpriv=basic,dtrace_kernel,dtrace_proc,proc_owner,dtrace_user
test::::type=normal;roles=neo
Now from node2, as user "test", I tried to log in to node1 as role "neo".
ssh -l neo node1
passwd: <it is still asking me for the password>
I have no idea why it's asking me for the password; it should allow me to
log in to node1 without asking for a password. Please help me with this.
Here I am pasting the debug report:
-------------------------------------------------------------------------------------
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.info] Failed hostbased for
test from 180.144.67.27 port 33523 ssh2
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.debug] debug1:
userauth-request for user test service ssh-connection method hostbased
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.debug] debug1: attempt 2 initial
attempt 0 failures 2 initial failures 0
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.debug] debug2:
input_userauth_request: try method hostbased
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.debug] debug1:
userauth_hostbased: cuser neo chost node2. pkalg ssh-rsa slen 143
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.debug] debug2:
userauth_hostbased: chost node2. resolvedname node2 ipaddr 180.144.67.27
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.debug] debug2: stripping
trailing dot from chost node2.
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.debug] debug2: auth_rhosts2:
clientuser neo hostname node2 ipaddr 180.144.67.27
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.debug] debug1:
temporarily_use_uid: 60003/1 (e=0/0)
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.debug] debug1: restore_uid:
0/0
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.debug] debug2:
userauth_hostbased: access allowed by auth_rhosts2
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.debug] debug3:
check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.debug] debug3:
check_host_in_hostfile: match line 1
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.debug] debug2:
check_key_in_hostfiles: key ok for node2
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.debug] debug1:
ssh_rsa_verify: signature correct
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.debug] debug2: Starting PAM
service sshd-hostbased for method hostbased
Sep 24 22:37:51 node1 sshd[18429]: [ID 708005 auth.debug]
pam_roles:pam_sm_acct_mgmt: service = sshd-hostbased user = test ruser = not
set rhost = node2
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.debug] debug2:
userauth_hostbased: authenticated 0
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.notice] Failed hostbased for
test from 180.144.67.27 port 33523 ssh2
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.debug] debug1:
userauth-request for user test service ssh-connection method publickey
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.debug] debug1: attempt 3 initial
attempt 0 failures 3 initial failures 0
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.debug] debug2:
input_userauth_request: try method publickey
-----------------------------------------------------------------------
--
This message posted from opensolaris.org
_______________________________________________
opensolaris-discuss mailing list
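Added example, not part of the original post: a Python sketch that rejoins hard-wrapped sshd syslog lines like those in the debug report above and lists, per sshd PID, which hostbased checks were logged before the `userauth_hostbased: authenticated` result. The sample lines are constructed in the report's format, and the stage labels are names chosen for this example.

```python
import re

# Constructed sample in the format of the debug report above (hard-wrapped syslog).
SAMPLE = """\
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.debug] debug2:
userauth_hostbased: access allowed by auth_rhosts2
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.debug] debug2:
check_key_in_hostfiles: key ok for node2
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.debug] debug1:
ssh_rsa_verify: signature correct
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.debug] debug2: Starting PAM
service sshd-hostbased for method hostbased
Sep 24 22:37:51 node1 sshd[18429]: [ID 708005 auth.debug]
pam_roles:pam_sm_acct_mgmt: service = sshd-hostbased user = test ruser = not
set rhost = node2
Sep 24 22:37:51 node1 sshd[18429]: [ID 800047 auth.debug] debug2:
userauth_hostbased: authenticated 0
"""

STAMP = re.compile(r"(?=[A-Z][a-z]{2} \d{1,2} \d\d:\d\d:\d\d \S+ sshd\[\d+\]:)")
# Stage labels are illustrative names chosen for this example.
STAGES = [
    ("rhosts_allowed", re.compile(r"access allowed by auth_rhosts2")),
    ("host_key_known", re.compile(r"check_key_in_hostfiles: key ok")),
    ("signature_ok", re.compile(r"ssh_rsa_verify: signature correct")),
    ("pam_started", re.compile(r"Starting PAM service (\S+)")),
    ("pam_roles_acct", re.compile(r"pam_roles:pam_sm_acct_mgmt: .*?user = (\S+) ruser = (.+?) rhost = (\S+)")),
    ("result", re.compile(r"userauth_hostbased: authenticated (\d)")),
]

def records(text):
    """Rejoin wrapped lines, then split on syslog timestamps (also separates fused records)."""
    flat = " ".join(text.split())
    return [r.strip() for r in STAMP.split(flat) if r.strip()]

def trace(text):
    """Return {pid: [(stage, captured groups), ...]} in log order."""
    out = {}
    for rec in records(text):
        pid = re.search(r"sshd\[(\d+)\]", rec).group(1)
        for name, rx in STAGES:
            m = rx.search(rec)
            if m:
                out.setdefault(pid, []).append((name, m.groups()))
    return out

if __name__ == "__main__":
    for pid, steps in trace(SAMPLE).items():
        print(pid, steps)
```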