https://bugzilla.mindrot.org/show_bug.cgi?id=2107
--- Comment #7 from Georg Hopp <[email protected]> ---

But don't commit it right now...

A moment ago I realized a problem that might relate to this or not. I am now able to ssh into the machines without a TGT and without a correct password. This might also be related to pam but I am not sure about this now. Anyway a su fails as expected.

The auth log of a su with a wrong password:

Feb 26 10:55:52 host su[9725]: pam_unix(su:auth): authentication failure; logname=ghopp uid=2001 euid=0 tty=/dev/pts/17 ruser=test rhost= user=ghopp
Feb 26 10:55:52 host su[9725]: pam_sss(su:auth): system info: [Preauthentication failed]
Feb 26 10:55:52 host su[9725]: pam_sss(su:auth): authentication failure; logname=ghopp uid=2001 euid=0 tty=/dev/pts/17 ruser=test rhost= user=ghopp
Feb 26 10:55:52 host su[9725]: pam_sss(su:auth): received for user ghopp: 17 (Failure setting user credentials)
Feb 26 10:55:54 host su[9725]: pam_authenticate: Permission denied
Feb 26 10:55:54 host su[9725]: FAILED su for ghopp by test
Feb 26 10:55:54 host su[9725]: - /dev/pts/17 test:ghopp

The auth log of a su with the correct password:

Feb 26 10:57:13 host su[9729]: pam_unix(su:auth): authentication failure; logname=ghopp uid=2001 euid=0 tty=/dev/pts/17 ruser=test rhost= user=ghopp
Feb 26 10:57:14 host su[9729]: pam_sss(su:auth): authentication success; logname=ghopp uid=2001 euid=0 tty=/dev/pts/17 ruser=test rhost= user=ghopp
Feb 26 10:57:14 host su[9729]: Successful su for ghopp by test
Feb 26 10:57:14 host su[9729]: + /dev/pts/17 test:ghopp
Feb 26 10:57:14 host su[9729]: pam_unix(su:session): session opened for user ghopp by ghopp(uid=2001)

and the auth log of an ssh without a TGT and with a wrong password:

Feb 26 10:58:05 host sshd[9736]: SSH: Server;Ltype: Version;Remote: 2001:4ba0:ffff:138:1::1000-42676;Protocol: 2.0;Client: OpenSSH_6.4p1-hpn14v2
Feb 26 10:58:06 host sshd[9736]: SSH: Server;Ltype: Kex;Remote: 2001:4ba0:ffff:138:1::1000-42676;Enc: aes128-ctr;MAC: [email protected];Comp: none [preauth]
Feb 26 10:58:06 host sshd[9736]: SSH: Server;Ltype: Authname;Remote: 2001:4ba0:ffff:138:1::1000-42676;Name: ghopp [preauth]
Feb 26 10:58:08 host sshd[9738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2001:4ba0:ffff:138:1::1000 user=ghopp
Feb 26 10:58:09 host sshd[9738]: pam_sss(sshd:auth): system info: [Preauthentication failed]
Feb 26 10:58:09 host sshd[9738]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2001:4ba0:ffff:138:1::1000 user=ghopp
Feb 26 10:58:09 host sshd[9738]: pam_sss(sshd:auth): received for user ghopp: 17 (Failure setting user credentials)
Feb 26 10:58:09 host sshd[9736]: Accepted keyboard-interactive/pam for ghopp from 2001:4ba0:ffff:138:1::1000 port 42676 ssh2
Feb 26 10:58:09 host sshd[9736]: pam_unix(sshd:session): session opened for user ghopp by (uid=0)
Feb 26 10:58:09 host sshd[9740]: SSH: Server;Ltype: Kex;Remote: 2001:4ba0:ffff:138:1::1000-42676;Enc: aes128-ctr;MAC: [email protected];Comp: none

After that I am on the machine. For me it looks like ssh accepts any password now. As no TGT is involved in this I guess that this can also be reproduced in a non-kerberized environment.

regards
Georg
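
An added example, not part of the original comment or of OpenSSH: a log check for the pattern in the ssh log above, where sshd logs an accepted PAM-backed login although every pam_*(sshd:auth) verdict for that user and host was a failure. The function name, regexes and sample lines are constructed for illustration; it assumes the rhost value in the PAM lines equals the address in the Accepted line, as it does in the logs above.

```python
import re

# PAM verdict lines, e.g. "sshd[9738]: pam_sss(sshd:auth): authentication failure; ..."
PAM_RE = re.compile(
    r"sshd\[\d+\]: pam_\w+\(sshd:auth\): authentication (failure|success);"
    r".*?\brhost=(\S*).*?\buser=(\S+)")
# Final sshd decision for PAM-backed methods only (publickey etc. are ignored).
ACCEPT_RE = re.compile(
    r"sshd\[\d+\]: Accepted (keyboard-interactive/pam|password) "
    r"for (\S+) from (\S+) port \d+")

def find_suspicious_accepts(lines):
    """Return (user, rhost, method) for each accepted login that was preceded
    only by PAM auth failures. Keyed on user+rhost, not PID, because the PAM
    lines and the Accepted line carry different sshd PIDs in the logs above."""
    pending = {}  # (user, rhost) -> [failures, successes] since last accept
    hits = []
    for line in lines:
        m = PAM_RE.search(line)
        if m:
            outcome, rhost, user = m.groups()
            counts = pending.setdefault((user, rhost), [0, 0])
            counts[1 if outcome == "success" else 0] += 1
            continue
        m = ACCEPT_RE.search(line)
        if m:
            method, user, rhost = m.groups()
            fails, oks = pending.pop((user, rhost), (0, 0))
            if fails and not oks:
                hits.append((user, rhost, method))
    return hits

# Constructed sample lines in the format of the logs above (documentation addresses).
SAMPLE = [
    "Feb 26 11:00:01 host sshd[101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2001:db8::10 user=alice",
    "Feb 26 11:00:02 host sshd[101]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2001:db8::10 user=alice",
    "Feb 26 11:00:02 host sshd[100]: Accepted keyboard-interactive/pam for alice from 2001:db8::10 port 40000 ssh2",
    "Feb 26 11:05:01 host sshd[201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2001:db8::20 user=bob",
    "Feb 26 11:05:02 host sshd[201]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=2001:db8::20 user=bob",
    "Feb 26 11:05:02 host sshd[200]: Accepted keyboard-interactive/pam for bob from 2001:db8::20 port 40001 ssh2",
    "Feb 26 11:09:00 host sshd[300]: Accepted publickey for carol from 192.0.2.7 port 40002 ssh2",
]

if __name__ == "__main__":
    for hit in find_suspicious_accepts(SAMPLE):
        print("accepted after PAM failure:", hit)
```

A module that logs no success line would produce a false positive after a mistyped first attempt, so treat hits as leads to check against the PAM stack configuration.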
