From owner-freebsd-stable@FreeBSD.ORG Sun Feb 6 22:22:05 2005 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C301116A4CE for ; Sun, 6 Feb 2005 22:22:05 +0000 (GMT) Received: from pop-a065d01.pas.sa.earthlink.net (pop-a065d01.pas.sa.earthlink.net [207.217.121.248]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4E6D543D53 for ; Sun, 6 Feb 2005 22:22:05 +0000 (GMT) (envelope-from andrei@kableu.com) Received: from h-68-165-174-253.snvacaid.dynamic.covad.net ([68.165.174.253] helo=mail.kableu.com) by pop-a065d01.pas.sa.earthlink.net with esmtp (Exim 3.33 #1) id 1Cxun6-0002sx-00; Sun, 06 Feb 2005 14:22:04 -0800 Received: from warrior.kableu.com (warrior.kableu.com [192.168.0.1]) by mail.kableu.com (Postfix) with ESMTP id 113F6C0D9; Sun, 6 Feb 2005 14:22:04 -0800 (PST) Received: by warrior.kableu.com (Postfix, from userid 1001) id B011B11467; Sun, 6 Feb 2005 14:22:03 -0800 (PST) Date: Sun, 6 Feb 2005 14:22:03 -0800 From: Andrew Konstantinov To: "Bjoern A. Zeeb" Message-ID: <20050206222203.GA63042@warrior.kableu.com> References: <20050130084359.GA36069@warrior.kableu.com> <20050202070820.GA26302@warrior.kableu.com> <20050206061245.GA1774@warrior.kableu.com> <20050206090524.GA79029@warrior.kableu.com> <20050206205207.GA764@warrior.kableu.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="WIyZ46R2i8wDzkSu" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.1i cc: freebsd-stable@freebsd.org Subject: Re: 5.3 -> 5 : sshd multiple log entries & login_getclass: unknown class 'root' X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Feb 2005 22:22:06 -0000 --WIyZ46R2i8wDzkSu Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Feb 06, 2005 at 09:07:38PM +0000, Bjoern A. Zeeb wrote: > On Sun, 6 Feb 2005, Andrew Konstantinov wrote: >=20 > > On Sun, Feb 06, 2005 at 12:29:23PM -0800, Doug White wrote: > > > On Sun, 6 Feb 2005, Andrew Konstantinov wrote: > > > > > > > *Possible* exact reproduction steps: > > > > - install RELENG_5 > > > > - rebuild RELENG_5 with "NO_NIS=3Dtrue" in /etc/make.conf > > > > - restart sshd service > > > > > > Sorry, no dice. I had to set "PermitRootLogin yes" in > > > /etc/ssh/sshd_config but logging in as root with password succeeds wi= th no > > > login class warning. Upgraded from a RELENG_5 from yesterday to one a= bout > > > 90 minutes old. > > > > > > What is the contents of /etc/nsswitch.conf? bz is telling me that if = you > > > still have 'nis' in the lines in nsswitch and you compile with NO_NIS= that > > > you'll get wierd user lookup errors. > > > > > > Also what are the contents of /etc/make.conf? > > > > #--- The nsswitch.conf: > > group: compat > > group_compat: nis > > hosts: files dns > > networks: files > > passwd: compat > > passwd_compat: nis > > shells: files > > #---------------------- > > > > Hmm, I completely forgot about that one. :( I guess 'nis' should have b= een > > switched to 'files' whenever system is compiled with "NO_NIS=3Dtrue". >=20 > it's not documented - sorry, will do that. >=20 > change it to sth like: >=20 > group: files > hosts: files dns > networks: files > passwd: files > shells: files >=20 > w/o this change I can see sth like this when doing passwd auth: >=20 > 'sshd[1995]: NSSWITCH(nss_method_lookup): nis, passwd_compat, endpwent, n= ot found' >=20 > But I suspect this will not help with your problem. Actually, that solves all the problems. Once I switched to your version of nsswitch.conf, all the "unknown class" bugs and multiple logging events have disappeared. > Did you change your login.conf? I always used the one that FreeBSD suplies, without any modifications. I ev= en copied it from /usr/src/ multiple times and rebuilt the database from it to ensure that it's not some sort of filesystem glitch. > Could you mail me (private mail please) the library with which you can > see the problems? libc.so.5 with debug symbols is on its way to bz@ As a sidenote: I definitely agree that it should be documented. Also, it's = my personal opinion, but perhaps its better to switch the default nsswitch.conf file to the one that doesn't contain "nis" as a lookup mechanism. It's much easier to add to the "NIS/YP" section in the handbook couple lines that tell the reader to modify /etc/nsswitch.conf to accomodate "NIS/YP" than documen= ting (I can't think of any appropriate section) that whenever a system is built = with "NO_NIS=3Dtrue" in the make file, the user should modify the /etc/nsswitch.= conf to accomodate the change. I realized that it's entirely my fault for not looking forward to the impact of "NO_NIS=3Dtrue", but still, I consider the= above described approach better. Andrew --WIyZ46R2i8wDzkSu Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQFCBpiLg+6MtxSjexcRAgyGAKCRJSISbcotte/VXLI5U/ALcgIXggCfQj0s GJZMNhS3A6L3SwwFrwqAGz4= =lzBx -----END PGP SIGNATURE----- --WIyZ46R2i8wDzkSu--