--4C6bbPZ6c/S1npyF Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, May 06, 2002 at 09:33:32AM -0700, light storm wrote: > About the first possibility .. is there a way to check if the pam > module 'pam_unix.so' supports (freebsd) md5 encryption ? Sure... by giving a user a password that's been encrypted this way, and testing to see if you can still use pam_unix to authenticate that user to a simple PAM-enabled service. OpenSSH probably doesn't count as a 'simple PAM-enabled service', though login probably does. > Second possibility .. after changing the pass of testuser (md5) and of > another user and tried just a plain login from the console it works, > login uses pam authentication ... This is with pam_unix in your /etc/pam.d/login, and with a freebsd md5 password for the user that you're logging in as? I think the key still lies in seeing what pam_unix is sending to syslog when the logins are failing. Steve Langasek postmodern programmer > > Steve Langasek <vorlon@netexpress.net> pam-list@redhat.com Re: openssh = + pam authentication failing +md5 (?!) HELP HELP HELP !Reply-To: pam-list@r= edhat.com > >Date: Mon, 6 May 2002 11:26:05 -0500 > > > >On Mon, May 06, 2002 at 08:52:41AM -0700, light storm wrote: > >> Hello Steve,all > > > >> I added the debug option the password rule and the auth rule in the > >> sshd pam file, but as far as i can see nothing was sent to the logs, i > >> mean messages and warn logs, unless i should check some other log > >> which i cannot see at the moment ?? > > > >You would need to check your /etc/syslog.conf to see where -- if > >anywhere -- auth.* messages are currently being sent. On my machine, > >that's /var/log/auth and /var/log/debug. > > > >> But i think i found the problem but if it is real then i still don't > >> know what i can do: > > > >> I changed the password of the user 'testuser' with some other tool > >> which doesn't create md5 passwords.=20 > > > >> Then i tried again ssh and now i can login, but 2 things i conclude > >> now: 1. ssh lets me , i only need the first 8 chars to enter > >> 2. it seems that when it's md5 encrypted then authentication > >> fails. > > > >If using traditional crypt passwords, only the first 8 characters of the > >password are encrypted. > > > >> debug1: PAM Password authentication accepted for user "testuser" > >> Accepted password for testuser from 192.168.200.30 port 33030 ssh2 > >> debug1: Entering interactive session for SSH2. > > > >A couple possibilities I can think of: > > > >The pam_unix module you're using doesn't support md5 passwords. > > > >The password you had for testuser was not a valid md5 hash, causing > >authentication to fail. > > > >The testuser account was expired, and PAM was requiring a password > >change, but the password change was failing. > > > >To rule out the third possibility, I suggest setting a new md5 password > >for testuser and trying to ssh in again. > > > >Steve Langasek > >postmodern programmer > >-----BEGIN PGP SIGNATURE----- > >Version: GnuPG v1.0.6 (GNU/Linux) > >Comment: For info see http://www.gnupg.org > > > >iD8DBQE81q6cKN6ufymYLloRAm5tAJsEXWRQqvwkHLLgvVovArcZYdPfOgCfZlOp > >4yPKUt6SYku4bG02nfJWwho=3D > >=3DAZN/ > >-----END PGP SIGNATURE----- >=20 >=20 > ------------------------------------------------------------ > Email account furnished courtesy of AntiOnline - http://www.AntiOnline.com > AntiOnline - The Internet's Information Security Super Center! >=20 >=20 > --------------------------------------------------------------------- > Express yourself with a super cool email address from BigMailBox.com. > Hundreds of choices. It's free! > http://www.bigmailbox.com > --------------------------------------------------------------------- >=20 >=20 >=20 > _______________________________________________ > > Pam-list@redhat.com > https://listman.redhat.com/mailman/listinfo/pam-list --4C6bbPZ6c/S1npyF Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE81sn/KN6ufymYLloRAg6DAJ44bntWMDJ59pcft9ZaWPVNQcjgjgCdEvBS 7EPQuWU9IdPfaQb5Xv+7YjU= =YQo5 -----END PGP SIGNATURE----- --4C6bbPZ6c/S1npyF--
