openssh + pam authentication failing +md5.....

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



That's it.  I'm getting off this list.  Ever since I subscribed to it I'm
getting spammed like hell.  Most of the stuff is over my head anyway and
now some guy tells me I'm wasting space here.  No thanks.

On Sun, 12 May 2002, light storm wrote:

> Hello all,
> 
> Seems that the redhat guys don't give a shit about PAM problems despite that half of them is developing for PAM. They don't even respond on mail which was send more than 2 weeks ago. And from all the so called experts around only one person tried to help me, the rest are just wasting space on this list. Thought that Redhat cared about technical problems with their software in combination with PAM.
> Bunch of lamers, i'll fucking solve it myself some day, but for the rest i have no good word for this shit. Well i'm curious if other companies will continue with Redhat software if this is the way they 'try' to help ppl.
> 
> bad greetings,
> 
> Frank.
> 
> 
> 
> 
> 
> > "light storm" <lightstorm@antionline.org> pam-list@redhat.com Re: openssh + pam authentication failing +md5 (?!) HELP HELP HELP !Reply-To: pam-list@redhat.com
> >Date: Wed, 8 May 2002 12:06:02 -0700
> >
> >Hi Steve,all
> >
> >Just informing if some one might discovered what could be wrong ...
> >
> >Thanks..
> >
> >
> >> "light storm" <lightstorm@antionline.org> pam-list@redhat.com Re: openssh + pam authentication failing +md5 (?!) HELP HELP HELP !Reply-To: pam-list@redhat.com
> >>Date: Mon, 6 May 2002 11:15:19 -0700
> >>
> >>Hello Steve,
> >>
> >>Indeed, i forgot to see/remember that i use su and login with pam authentication, as i can see in the log when i su to root i see a rule saying pam authentication was successfull, i can check later exactly the msg but it was positive and it works, so do the md5 encrypted passwords in the shadow file with login (pam) etc...
> >>
> >>If pam seems to work with those ... then the question is why does ssh give trouble ? in the logs/debug info things seem to be fine imho ... 
> >>except the permission denied and 'pam authentication failed' msg's..
> >>
> >>I also tried to remove the 'shadow' from the two lines but still same problem. There is one thing i don't know exactly what it means, i saw it in one of the logs "socket address family protocol not supported" ... is that normal or does it have to do with the problem ?
> >>
> >>Hope we are now isolating the problem area...
> >>
> >>Thanks...
> >>
> >>
> >>
> >>
> >>
> >>
> >>> Steve Langasek <vorlon@netexpress.net> pam-list@redhat.com Re: openssh + pam authentication failing +md5 (?!) HELP HELP HELP !Reply-To: pam-list@redhat.com
> >>>Date: Mon, 6 May 2002 13:22:56 -0500
> >>>
> >>>On Mon, May 06, 2002 at 09:33:32AM -0700, light storm wrote:
> >>>> About the first possibility .. is there a way to check if the pam
> >>>> module 'pam_unix.so' supports (freebsd) md5 encryption ?
> >>>
> >>>Sure... by giving a user a password that's been encrypted this way, and
> >>>testing to see if you can still use pam_unix to authenticate that user
> >>>to a simple PAM-enabled service.  OpenSSH probably doesn't count as a
> >>>'simple PAM-enabled service', though login probably does.
> >>>
> >>>> Second possibility .. after changing the pass of testuser (md5) and of
> >>>> another user and tried just a plain login from the console it works,
> >>>> login uses pam authentication ...
> >>>
> >>>This is with pam_unix in your /etc/pam.d/login, and with a freebsd md5
> >>>password for the user that you're logging in as?
> >>>
> >>>I think the key still lies in seeing what pam_unix is sending to syslog
> >>>when the logins are failing.
> >>>
> >>>Steve Langasek
> >>>postmodern programmer
> >>>
> >>>
> >>>> > Steve Langasek <vorlon@netexpress.net> pam-list@redhat.com Re: openssh + pam authentication failing +md5 (?!) HELP HELP HELP !Reply-To: pam-list@redhat.com
> >>>> >Date: Mon, 6 May 2002 11:26:05 -0500
> >>>> >
> >>>> >On Mon, May 06, 2002 at 08:52:41AM -0700, light storm wrote:
> >>>> >> Hello Steve,all
> >>>> >
> >>>> >> I added the debug option the password rule and the auth rule in the
> >>>> >> sshd pam file, but as far as i can see nothing was sent to the logs, i
> >>>> >> mean messages and warn logs, unless i should check some other log
> >>>> >> which i cannot see at the moment ??
> >>>> >
> >>>> >You would need to check your /etc/syslog.conf to see where -- if
> >>>> >anywhere -- auth.* messages are currently being sent.  On my machine,
> >>>> >that's /var/log/auth and /var/log/debug.
> >>>> >
> >>>> >> But i think i found the problem but if it is real then i still don't
> >>>> >> know what i can do:
> >>>> >
> >>>> >> I changed the password of the user 'testuser' with some other tool
> >>>> >> which doesn't create md5 passwords. 
> >>>> >
> >>>> >> Then i tried again ssh and now i can login, but 2 things i conclude
> >>>> >> now:  1. ssh lets me , i only need the first 8 chars to enter
> >>>> >>       2. it seems that when it's md5 encrypted then authentication
> >>>> >>          fails.
> >>>> >
> >>>> >If using traditional crypt passwords, only the first 8 characters of the
> >>>> >password are encrypted.
> >>>> >
> >>>> >> debug1: PAM Password authentication accepted for user "testuser"
> >>>> >> Accepted password for testuser from 192.168.200.30 port 33030 ssh2
> >>>> >> debug1: Entering interactive session for SSH2.
> >>>> >
> >>>> >A couple possibilities I can think of:
> >>>> >
> >>>> >The pam_unix module you're using doesn't support md5 passwords.
> >>>> >
> >>>> >The password you had for testuser was not a valid md5 hash, causing
> >>>> >authentication to fail.
> >>>> >
> >>>> >The testuser account was expired, and PAM was requiring a password
> >>>> >change, but the password change was failing.
> >>>> >
> >>>> >To rule out the third possibility, I suggest setting a new md5 password
> >>>> >for testuser and trying to ssh in again.
> >>>> >
> >>>> >Steve Langasek
> >>>> >postmodern programmer
> >>>> >-----BEGIN PGP SIGNATURE-----
> >>>> >Version: GnuPG v1.0.6 (GNU/Linux)
> >>>> >Comment: For info see http://www.gnupg.org
> >>>> >
> >>>> >iD8DBQE81q6cKN6ufymYLloRAm5tAJsEXWRQqvwkHLLgvVovArcZYdPfOgCfZlOp
> >>>> >4yPKUt6SYku4bG02nfJWwho=
> >>>> >=AZN/
> >>>> >-----END PGP SIGNATURE-----
> >>>> 
> >>>> 
> >>>> ------------------------------------------------------------
> >>>> Email account furnished courtesy of AntiOnline - http://www.AntiOnline.com
> >>>> AntiOnline - The Internet's Information Security Super Center!
> >>>> 
> >>>> 
> >>>> ---------------------------------------------------------------------
> >>>> Express yourself with a super cool email address from BigMailBox.com.
> >>>> Hundreds of choices. It's free!
> >>>> http://www.bigmailbox.com
> >>>> ---------------------------------------------------------------------
> >>>> 
> >>>> 
> >>>> 
> >>>> _______________________________________________
> >>>> 
> >>>> Pam-list@redhat.com
> >>>> https://listman.redhat.com/mailman/listinfo/pam-list
> >>>-----BEGIN PGP SIGNATURE-----
> >>>Version: GnuPG v1.0.6 (GNU/Linux)
> >>>Comment: For info see http://www.gnupg.org
> >>>
> >>>iD8DBQE81sn/KN6ufymYLloRAg6DAJ44bntWMDJ59pcft9ZaWPVNQcjgjgCdEvBS
> >>>7EPQuWU9IdPfaQb5Xv+7YjU=
> >>>=YQo5
> >>>-----END PGP SIGNATURE-----
> >>
> >>
> >>------------------------------------------------------------
> >>Email account furnished courtesy of AntiOnline - http://www.AntiOnline.com
> >>AntiOnline - The Internet's Information Security Super Center!
> >>
> >>
> >>---------------------------------------------------------------------
> >>Express yourself with a super cool email address from BigMailBox.com.
> >>Hundreds of choices. It's free!
> >>http://www.bigmailbox.com
> >>---------------------------------------------------------------------
> >>
> >>
> >>
> >>_______________________________________________
> >>
> >>Pam-list@redhat.com
> >>https://listman.redhat.com/mailman/listinfo/pam-list
> >
> >
> >
> >
> >------------------------------------------------------------
> >Email account furnished courtesy of AntiOnline - http://www.AntiOnline.com
> >AntiOnline - The Internet's Information Security Super Center!
> >
> >
> >
> >_______________________________________________
> >
> >Pam-list@redhat.com
> >https://listman.redhat.com/mailman/listinfo/pam-list
> 
> 
> ------------------------------------------------------------
> Email account furnished courtesy of AntiOnline - http://www.AntiOnline.com
> AntiOnline - The Internet's Information Security Super Center!
> 
> 
> ---------------------------------------------------------------------
> Express yourself with a super cool email address from BigMailBox.com.
> Hundreds of choices. It's free!
> http://www.bigmailbox.com
> ---------------------------------------------------------------------
> 
> 
> 
> _______________________________________________
> 
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list
> 

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Izak Burger (iburger@cs.sun.ac.za)
http://www.cs.sun.ac.za/
Tel. +27 21 808 4863
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
I don't want it all, I just want your half.





[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux