On Mon, Feb 24, 2003 at 06:41:43PM +0000, Jason Clifford wrote: > On Mon, 24 Feb 2003, John Oliver wrote: > > > > Do you have any logged debug/message output? > > > > Nope. > > Check the your /var/log/messages file for any ssh entries. These will tell > you what is causing the problem. There *are* no entries for the login attempt in /var/log/messages or /var/log/secure If there were, I would have posted them. > Do post the entries if you cannot work it out yourself from what they say > - but be sensible and don't post hundreds of lines of logs where only a > few are unique. Puh-leeeease... :-) I may be an idiot about *some* things, but that ain't one of 'em... :-) > > Dunno. Does OpenSSH that comes with Red Hat come compiled with PAM? I > > didn't realize that it might not be... I thought all authentication with > > Red Hat was handled through PAM. > > Yes it is compiled for PAM authentication. OK, that makes me feel better. I think... > Have you made any changes to the /etc/ssh/sshd_config or /etc/pam.d/ssh > files? No, I haven't. Here's the /etc/pam.d/sshd: #%PAM-1.0 auth sufficient /lib/security/pam_winbind.so auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so account required /lib/security/pam_stack.so service=system-auth account sufficient /lib/security/pam_winbind.so password required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth session sufficient /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0077 #session required /lib/security/pam_limits.so session optional /lib/security/pam_console.so The commented-out pam_limits line is because that was the one line that was different from the login PAM file, and I wanted to test both ways. One weird thing... after I got winbind authentication working (for telnet and ftp, that is), I kept monkeying and poking and prodding, trying to get SSH working. On two machines out of 13 or so, it just suddenly started working. All of the config files I could find were identical, though. I've never touched the SSH config files, only the PAM config. And the files are literally identical... diff returns nothing. -- John Oliver, CCNA http://www.john-oliver.net/ Linux/UNIX/network consulting http://www.john-oliver.net/resume/ *** sendmail, Apache, ftp, DNS, spam filtering *** **** Colocation, T1s, web/email/ftp hosting **** _______________________________________________ Pam-list@redhat.com https://listman.redhat.com/mailman/listinfo/pam-list