Re: [Oscar-devel] Mandriva 2006 status --> Regarding openssh

[Fernando Laudares Camargos]

Source: 
http://www.ncsa.uiuc.edu/UserInfo/Resources/Software/ssh/openssh_3.8.html
"There are several changes in OpenSSH 3.8 that you need to be aware of when 
migrating from an earlier version. As new things are discovered, they will be added 
to this page.

OpenSSH now checks for locked accounts by default. On Linux systems, locked 
accounts are defined as those that have !! in the password field of 
/etc/shadow. This is the default entry for accounts created with the useradd 
command. Even if you are using Kerberos authentication and do not need local 
passwords, sshd won't let the user login with this message:

Too many authentication failures for username

In the sshd debugging info it will indicate that the account is locked:

User username not allowed because account is locked

We suggest replacing !! with * or something similar."

The problems I'm fighting with openssh started exactly after version 3.6... 
That explains a lot of things, beyond them my lack of ability in doing internet 
research ;-)

Cheers,
Fernando

Fernando Laudares Camargos a écrit :
Hello all,

about the Mandriva 2006 status, I have the following comments to add:

Progress:
*I have a slightly modified trunk working, which includes success in the 
tests performed in step 8;
*the package 'compat-libgfortran', provided by Erich, do works, thus 
solving the problem I was having with the correct dependency problems 
related to gcc-gfortran (thanks Erich!)
*a few months ago, we discussed in the list the possible reasons why 
syslinux does not provide pxelinux.0 anymore; Brian's suggestion was 
right, it is now provided by a package named pxelinux, and the file is 
renamed linux.0 - we'll have to configure the script setup_pxe so it 
reaches this file (thanks Brian!).

Problems:
*during step 3, sometimes I have problems with the identification of my 
ip and network data. I found what is causing that this morning, and 
turns to be that Ganglia's edit_ganglia_conf file restart the network 
(as part of its procedure) right before that step (so network is down 
when the system searches for an address ip from ifconfig). I add a 
'sleep' time between the two actions and then all works fine, all the 
time. Also I don't think the route configuration is really working. I'll 
be watching for this soon.
*postfix is not beeing installed - this should be pretty simple to solve;
*finally, the main problem is still the new version from openssh, used 
in Mandriva 10.1 and Mandriva 2006. I did a lot of research about that 
but didn't found anything that should lead to the direct cause of this. 
I will write a complete report from everything I looked at, so to search 
for help from the openssh developers. The only thing I would like to 
add, at this point, is the following lines from the /var/log/messages 
file (node) when I try to connect to one node as oscartst user:
 Mar 20 14:27:12 fernando sshd[5993]: User oscartst not allowed because 
account is locked
 Mar 20 14:27:12 fernando sshd[5993]: Failed none for invalid user 
oscartst from 10.200.1.2 port 60460 ssh2
So, the user is beeing looked by default.

To-do:
*openSSH - I still have to configure the script ssh_install so to set 
the sshd_config file to PermitRootLogin.

As you can see, perhaps I would also benefit from a possible postpone of 
the code freeze :-)

Regards,

--
Fernando Laudares Camargos

     Révolution Linux	       
http://www.revolutionlinux.com	
---------------------------------------
* Tout opinion et prise de position exprimée dans ce message est celle de son 
auteur et pas nécessairement celle de Révolution Linux.
** Any views and opinion presented in this e-mail are solely those of the 
author and do not necessarily represent those of Révolution Linux.



-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
_______________________________________________
Oscar-devel mailing list
Oscar-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/oscar-devel