I have run into the following when attempting to ssh to an AIX 6.1 system running OpenSSH 5.5p1/Openssl 1.0.0a (with PAM support enabled) and Quest Authentication Services (QAS) 3.5.2.18: ---------------------------------------------------------------------------------------------------------------------- Could not chdir to home directory /export/home/user: The file access permissions do not allow the specified action. ---------------------------------------------------------------------------------------------------------------------- The home directory is on a Solaris (10) NFS3 share. The same user is able to login and obtain their home directory from both Solaris and Linux clients without any issues. The permissions on the home directory are 755. The error does _not_ occur when logging in from the AIX console. In either case, “id user” produces the correct results for UID and GID. /usr/local/etc/sshd_config has been configured with “UsePAM yes” /etc/pam.conf has been updated to support the QAS PAM module: <snip> sshd auth sufficient pam_vas3.so get_nonvas_pass store_creds debug trace sshd auth requisite pam_vas3.so echo_return debug trace sshd auth required /usr/lib/security/pam_aix use_new_state use_first_pass sshd account sufficient pam_vas3.so sshd account requisite pam_vas3.so echo_return sshd account required /usr/lib/security/pam_aix sshd password sufficient pam_vas3.so sshd password requisite pam_vas3.so echo_return sshd password required /usr/lib/security/pam_aix sshd session required pam_vas3.so sshd session requisite pam_vas3.so echo_return sshd session required /usr/lib/security/pam_aix </snip> On the AIX client auto_master & auto_home are like this: # Master map for automounter # +auto_master /export/home auto_home -nobrowse # Home directory map for automounter # +auto_home * -rw 1.1.1.1:/export/home/& The following is an edited portion of the output from a debug (-ddd) server session, prior to the client logging out: <snip> Accepted keyboard-interactive/pam for <user> from 1.1.1.1 port 39042 ssh2 debug3: mm_do_pam_account returning 1 debug3: mm_send_keystate: Sending new keys: 2002e138 2002df78 debug3: mm_newkeys_to_blob: converting 2002e138 debug3: mm_newkeys_to_blob: converting 2002df78 debug3: mm_send_keystate: New keys have been sent debug3: mm_send_keystate: Sending compression state debug3: mm_request_send entering: type 24 debug3: mm_send_keystate: Finished sending state debug3: AIX/setauthdb set registry 'VAS' debug3: aix_restoreauthdb: restoring old registry '' debug1: monitor_child_preauth: <user> has been authenticated by privileged process debug3: mm_get_keystate: Waiting for new keys debug3: mm_request_receive_expect entering: type 24 debug3: mm_request_receive entering debug3: mm_newkeys_from_blob: 200655e8(118) debug2: mac_setup: found hmac-md5 debug3: mm_get_keystate: Waiting for second key debug3: mm_newkeys_from_blob: 200655e8(118) debug2: mac_setup: found hmac-md5 debug3: mm_get_keystate: Getting compression state debug3: mm_get_keystate: Getting Network I/O buffers debug3: mm_share_sync: Share sync debug3: mm_share_sync: Share sync end debug1: PAM: establishing credentials debug3: PAM: opening session User child is on pid 278536 debug3: mm_request_receive entering debug1: PAM: establishing credentials debug3: AIX/UsrInfo: set len 29 debug1: permanently_set_uid: 2000/2000 debug2: set_newkeys: mode 0 debug2: set_newkeys: mode 1 debug1: Entering interactive session for SSH2. debug2: fd 9 setting O_NONBLOCK debug2: fd 10 setting O_NONBLOCK debug1: server_init_dispatch_20 debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384 debug1: input_session_request debug1: channel 0: new [server-session] debug2: session_new: allocate (allocated 0 max 10) debug3: session_unused: session id 0 unused debug1: session_new: session 0 debug1: session_open: channel 0 debug1: session_open: session 0: link with channel 0 debug1: server_input_channel_open: confirm session debug1: server_input_global_request: rtype no-more-sessions@xxxxxxxxxxx want_reply 0 debug1: server_input_channel_req: channel 0 request pty-req reply 1 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req pty-req debug1: Allocating pty. debug3: mm_request_send entering: type 25 debug3: monitor_read: checking request 25 debug3: mm_answer_pty entering debug2: session_new: allocate (allocated 0 max 10) debug3: session_unused: session id 0 unused debug1: session_new: session 0 debug3: mm_pty_allocate: waiting for MONITOR_ANS_PTY debug3: mm_request_receive_expect entering: type 26 debug3: mm_request_receive entering debug3: AIX/setauthdb set registry 'VAS' debug3: aix_restoreauthdb: restoring old registry '' Writing login record failed for <user> debug3: mm_request_send entering: type 26 debug1: session_pty_req: session 0 alloc /dev/pts/0 debug1: server_input_channel_req: channel 0 request shell reply 1 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req shell setsid: Operation not permitted. debug2: fd 3 setting TCP_NODELAY debug2: channel 0: rfd 13 isatty debug2: fd 13 setting O_NONBLOCK debug3: fd 11 is O_NONBLOCK debug3: mm_answer_pty: tty /dev/pts/0 ptyfd 5 debug3: mm_request_receive entering debug1: Received SIGCHLD. debug1: session_by_pid: pid 339980 debug1: session_exit_message: session 0 channel 0 pid 339980 debug2: channel 0: request exit-status confirm 0 debug1: session_exit_message: release channel 0 debug2: channel 0: write failed debug2: channel 0: close_write debug2: channel 0: send eow debug2: channel 0: output open -> closed debug3: mm_request_send entering: type 27 debug2: channel 0: read<=0 rfd 13 len -1 debug2: channel 0: read failed debug2: channel 0: close_read debug2: channel 0: input open -> drain debug2: channel 0: ibuf empty debug2: channel 0: send eof debug2: channel 0: input drain -> closed debug2: channel 0: send close debug2: notify_done: reading debug3: channel 0: will not send data after close debug2: channel 0: rcvd close Received disconnect from 1.1.1.1: 11: disconnected by user debug1: do_cleanup debug3: PAM: sshpam_thread_cleanup entering debug3: monitor_read: checking request 27 debug3: mm_answer_pty_cleanup entering debug1: session_by_tty: session 0 tty /dev/pts/0 debug3: mm_session_close: session 0 pid 278536 debug3: mm_session_close: tty /dev/pts/0 ptyfd 5 debug1: session_pty_cleanup: session 0 release /dev/pts/0 debug3: session_unused: session id 0 unused debug3: mm_request_receive entering debug1: do_cleanup debug1: PAM: cleanup debug1: PAM: closing session debug1: PAM: deleting credentials debug3: PAM: sshpam_thread_cleanup entering </snip> I would appreciate any assistance. Regards, John
