(btw, it's freebsd md5 in the shadow file, i assume pam recognizes that ?) > "light storm" <lightstorm@antionline.org> pam-list@redhat.com Re: openssh + pam authentication failing +md5 (?!) HELP HELP HELP !Reply-To: pam-list@redhat.com >Date: Mon, 6 May 2002 08:52:41 -0700 > >Hello Steve,all > >I added the debug option the password rule and the auth rule in the sshd pam file, but as far as i can see nothing was sent to the logs, i mean messages and warn logs, unless i should check some other log which i cannot see at the moment ?? > >But i think i found the problem but if it is real then i still don't know what i can do: > >I changed the password of the user 'testuser' with some other tool which doesn't create md5 passwords. > >Then i tried again ssh and now i can login, but 2 things i conclude now: 1. ssh lets me , i only need the first 8 chars to enter > 2. it seems that when it's md5 encrypted then authentication > fails. > >these are logs of what i just did to get in: > >[from the ssh remote side] > >debug1: PAM establishing creds > >Environment: > USER=testuser > LOGNAME=testuser > HOME=/home/testuser > PATH=/usr/bin:/bin:/usr/sbin:/sbin:/opt/bin > MAIL=/var/mail/testuser > SHELL=/bin/bash > SSH_CLIENT= 192.168.200.30 33029 22 > SSH_TTY=/dev/pts/7 > TERM=kvt >debug3: channel_close_fds: channel 0: r -1 w -1 e -1 >testuser@sp32a:~ > > >[this is what sshd -d -d -d shows] >debug1: PAM Password authentication accepted for user "testuser" >Accepted password for testuser from 192.168.200.30 port 33030 ssh2 >debug1: Entering interactive session for SSH2. >debug1: fd 3 setting O_NONBLOCK >debug1: fd 7 setting O_NONBLOCK >debug1: server_init_dispatch_20 >debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384 >debug1: input_session_request >debug1: channel 0: new [server-session] >debug1: session_new: init >debug1: session_new: session 0 >debug1: session_open: channel 0 >debug1: session_open: session 0: link with channel 0 >debug1: server_input_channel_open: confirm session >debug1: server_input_channel_req: channel 0 request pty-req reply 0 >debug1: session_by_channel: session 0 channel 0 >debug1: session_input_channel_req: session 0 req pty-req >debug1: Allocating pty. > > >Well, i hope we made some progress to a solution, please let me know if you need more information. > >Thanks ! > > > > > > > > >> Steve Langasek <vorlon@netexpress.net> pam-list@redhat.com Re: openssh + pam authentication failing +md5 (?!) HELP HELP HELP !Reply-To: pam-list@redhat.com >>Date: Mon, 6 May 2002 09:29:48 -0500 >> >>On Fri, May 03, 2002 at 11:10:01AM -0700, light storm wrote: >> >>> First of all thanks for anytime you put in my problem, really >>> appreciate all the help cause i just don't see it :( >> >>> I'll paste here the additional information which might help solve this: >> >>> (note: openssh was compiled with pam support and md5 support) >> >>> sshd pam file for openssh in /etc/pam.d/ >> >>Have you checked your log files for anything that might tell you which >>PAM module is failing and why? pam_unix, at least, logs a fair amount >>of information to the syslog 'auth' facility, and more information is >>available if you add the 'debug' flag to the module arguments >> >> auth required /lib/security/pam_unix.so debug >> >>Your openssh debug output indicates that PAM is being invoked, and your >>PAM config file looks reasonable from what I can tell; so looking at >>logs would be the next step. >> >>> #%PAM-1.0 >>> auth required /lib/security/pam_unix.so # set_secrpc >>> auth required /lib/security/pam_nologin.so >>> auth required /lib/security/pam_env.so >>> account required /lib/security/pam_unix.so >> >>> password required /lib/security/pam_pwcheck.so md5 >> >>BTW, does pam_pwcheck.so really support this 'md5' argument? As a quick >>experiment, you might try removing it to see if that changes openssh's >>behavior -- though the effect on the authentication process of a >>misconfigured password module should really be minimal. >> >>Steve Langasek >>postmodern programmer >>-----BEGIN PGP SIGNATURE----- >>Version: GnuPG v1.0.6 (GNU/Linux) >>Comment: For info see http://www.gnupg.org >> >>iD8DBQE81pNcKN6ufymYLloRAsbRAJ9lz57C+OSK/Ce+6SKAA3cvM/1W4gCgqGwe >>x0lGxmAyDge9lu2Hk30PpGE= >>=N6WS >>-----END PGP SIGNATURE----- > > >------------------------------------------------------------ >Email account furnished courtesy of AntiOnline - http://www.AntiOnline.com >AntiOnline - The Internet's Information Security Super Center! > > >--------------------------------------------------------------------- >Express yourself with a super cool email address from BigMailBox.com. >Hundreds of choices. It's free! >http://www.bigmailbox.com >--------------------------------------------------------------------- > > > >_______________________________________________ > >Pam-list@redhat.com >https://listman.redhat.com/mailman/listinfo/pam-list ------------------------------------------------------------ Email account furnished courtesy of AntiOnline - http://www.AntiOnline.com AntiOnline - The Internet's Information Security Super Center! --------------------------------------------------------------------- Express yourself with a super cool email address from BigMailBox.com. Hundreds of choices. It's free! http://www.bigmailbox.com ---------------------------------------------------------------------
