Re: PAM and SSH


 



On Mon, Feb 24, 2003 at 06:41:43PM +0000, Jason Clifford wrote:
> On Mon, 24 Feb 2003, John Oliver wrote:
> 
> > > Do you have any logged debug/message output?
> > 
> > Nope.
> 
> Check your /var/log/messages file for any ssh entries. These will tell 
> you what is causing the problem.

There *are* no entries for the login attempt in /var/log/messages or
/var/log/secure.  If there were, I would have posted them.

> Do post the entries if you cannot work it out yourself from what they say 
> - but be sensible and don't post hundreds of lines of logs where only a 
> few are unique.

Puh-leeeease... :-)  I may be an idiot about *some* things, but that
ain't one of 'em... :-)

> > Dunno.  Does OpenSSH that comes with Red Hat come compiled with PAM?  I
> > didn't realize that it might not be... I thought all authentication with
> > Red Hat was handled through PAM.
> 
> Yes it is compiled for PAM authentication. 

OK, that makes me feel better.  I think...

> Have you made any changes to the /etc/ssh/sshd_config or /etc/pam.d/ssh 
> files?

No, I haven't.  Here's the /etc/pam.d/sshd:

#%PAM-1.0
auth       sufficient   /lib/security/pam_winbind.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so service=system-auth
account    sufficient   /lib/security/pam_winbind.so
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    sufficient   /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0077
#session    required     /lib/security/pam_limits.so
session    optional     /lib/security/pam_console.so

The commented-out pam_limits line is because that was the one line that
was different from the login PAM file, and I wanted to test both ways.

One weird thing... after I got winbind authentication working (for
telnet and ftp, that is), I kept monkeying and poking and prodding,
trying to get SSH working.  On two machines out of 13 or so, it just
suddenly started working.  All of the config files I could find were
identical, though.  I've never touched the SSH config files, only the
PAM config.  And the files are literally identical... diff returns
nothing.

-- 
John Oliver, CCNA                            http://www.john-oliver.net/
Linux/UNIX/network consulting         http://www.john-oliver.net/resume/
***               sendmail, Apache, ftp, DNS, spam filtering         ***
****                Colocation, T1s, web/email/ftp hosting          ****



_______________________________________________

Pam-list@redhat.com
https://listman.redhat.com/mailman/listinfo/pam-list
