Hello Steve,

I am on this mailing list as well. Good to know someone familiar.

Judy

Stephen Smoogen wrote:

> The main issues I have found with not being able to log in via SSH are
> due to 1 of 2 problems. Passwords/accounts are via a KDC and the
> /etc/pam.d/sshd does not look up in the correct place. Versions of
> OpenSSH before 3.5p1 use pam_unix.so or pam_pwbd.so.
>
> Try the following from openssh-3.5p1
>
> #%PAM-1.0
> auth       required     pam_stack.so service=system-auth
> auth       required     pam_nologin.so
> account    required     pam_stack.so service=system-auth
> password   required     pam_stack.so service=system-auth
> session    required     pam_stack.so service=system-auth
> session    required     pam_limits.so
> session    optional     pam_console.so
>
> The second problem we have found has been due to some extra data that
> authconfig puts into system-auth. For our KDC environment it causes
> accounts NOT to be able to log in. The offending line is
>
> account [default=bad success=ok user_unknown=ignore
> service_err=ignore system_err=ignore] /lib/security/pam_krb5.so
>
> Changing this to
>
> account sufficient /lib/security/pam_krb5.so
>
> allowed ssh to log in (plus cleared up some other issues with console
> logins).
>
> If both of these suggestions are wrong, try the following. Run sshd on a
> high port with increasing number of -d flags and try to narrow down
> what is killing the authentication.
>
> sshd -p 9999 -d
>
> is what I did to figure out things over time. After that it was adding
> debug flags to pam.d files.
>
> Hope this helps
> Stephen
>
> On Mon, 2003-02-24 at 11:23, John Oliver wrote:
> > On Mon, Feb 24, 2003 at 11:40:50AM -0500, TRUCKS, JESSE (SBCSI) wrote:
> > > You didn't post what problem you are having.
> >
> > Well, I can't log on with SSH... :-)
> >
> > > Have you checked your pam configuration?
> >
> > I know *nothing* about PAM. I've "checked the config" by comparing to
> > examples I find on the Internet.
> >
> > > Do you have any logged debug/message output?
> >
> > Nope.
> >
> > > Is SSH compiled to use PAM?
> >
> > Dunno. Does OpenSSH that comes with Red Hat come compiled with PAM? I
> > didn't realize that it might not be... I thought all authentication with
> > Red Hat was handled through PAM.
> >
> > --
> > John Oliver, CCNA                            http://www.john-oliver.net/
> > Linux/UNIX/network consulting         http://www.john-oliver.net/resume/
> > ***               sendmail, Apache, ftp, DNS, spam filtering         ***
> > ****                Colocation, T1s, web/email/ftp hosting          ****
> >
> > _______________________________________________
> >
> > Pam-list@redhat.com
> > https://listman.redhat.com/mailman/listinfo/pam-list
>
> --
> Stephen John Smoogen             smoogen@lanl.gov
> Los Alamos National Labrador  CCN-2 B-Schedule PH:
> Ta-03 SM-261 MailStop P208 DP 17U  Los Alamos, NM 87545
> -- So shines a good deed in a weary world. = Willy Wonka --
>
> _______________________________________________
>
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list
begin:vcard
n:Hamilton;Judy
tel;pager:104-6384
tel;work:505-665-8228
x-mozilla-html:FALSE
org:Unix System Network Administrator
adr:;;;;;;
version:2.1
email;internet:judy@lanl.gov
title:Los Rios/Sierra Information System Security Officer
fn:Judy Hamilton
end:vcard
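Added example, not part of the original thread or of any poster's code: a small parser for PAM service-file lines that reports how pam_krb5 is wired into the account stack, so the bracketed control quoted above can be compared with the `sufficient` replacement. The function names and the embedded sample text are constructed for illustration; the sample reuses the two account lines from the quoted message.

```python
"""Report the control value of pam_krb5 account rules in a PAM service file."""
import re

# Constructed sample: the account line quoted in the thread (wrapped here with a
# backslash continuation), and the replacement line suggested in the thread.
SAMPLE_BEFORE = """\
#%PAM-1.0
auth     required  pam_stack.so service=system-auth
account  [default=bad success=ok user_unknown=ignore \\
          service_err=ignore system_err=ignore] /lib/security/pam_krb5.so
"""
SAMPLE_AFTER = "account sufficient /lib/security/pam_krb5.so\n"

# /etc/pam.d/* format: type  control  module-path  [module-arguments]
# control is either a keyword or a bracketed list of value=action pairs.
LINE_RE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")


def parse_pam(text):
    """Return one dict per rule: type, control, module, args."""
    text = text.replace("\\\n", " ")           # join backslash-continued lines
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments and blank lines
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable PAM line: {raw!r}")
        rtype, control, module, args = m.groups()
        if control.startswith("["):
            # Bracketed form: turn "[a=b c=d]" into {"a": "b", "c": "d"}
            control = dict(p.split("=", 1) for p in control[1:-1].split())
        rules.append({"type": rtype.lstrip("-"), "control": control,
                      "module": module, "args": args.split()})
    return rules


def krb5_account_controls(text):
    """Controls of every account rule whose module is pam_krb5.so."""
    return [r["control"] for r in parse_pam(text)
            if r["type"] == "account" and r["module"].endswith("pam_krb5.so")]


if __name__ == "__main__":
    for label, cfg in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, krb5_account_controls(cfg))
```

With `sufficient`, a pam_krb5 success returns from the account stack immediately (provided no earlier required module failed), so account modules listed after it are not consulted for that login.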