From owner-freebsd-questions@FreeBSD.ORG Mon Oct 14 09:11:37 2013 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id BC2AD3F6 for ; Mon, 14 Oct 2013 09:11:37 +0000 (UTC) (envelope-from frank2@fjl.co.uk) Received: from bs1.fjl.org.uk (bs1.fjl.org.uk [84.45.41.196]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 1F8712615 for ; Mon, 14 Oct 2013 09:11:36 +0000 (UTC) Received: from [192.168.1.35] (host86-163-34-162.range86-163.btcentralplus.com [86.163.34.162]) (authenticated bits=0) by bs1.fjl.org.uk (8.14.4/8.14.4) with ESMTP id r9E9BYQJ015441 (version=TLSv1/SSLv3 cipher=DHE-DSS-CAMELLIA256-SHA bits=256 verify=NO) for ; Mon, 14 Oct 2013 10:11:34 +0100 (BST) (envelope-from frank2@fjl.co.uk) Message-ID: <525BB546.1040309@fjl.co.uk> Date: Mon, 14 Oct 2013 10:11:34 +0100 From: Frank Leonhardt User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: Re: Authorisation Errors on 9.2 References: <1381684110517-5851543.post@n5.nabble.com> <525AF4F5.2080209@fjl.co.uk> <1381729068425-5851636.post@n5.nabble.com> In-Reply-To: <1381729068425-5851636.post@n5.nabble.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.14 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Oct 2013 09:11:37 -0000 On 14/10/2013 06:37, Beeblebrox wrote: > Hi, > I Inadvertently posted the gnome-keyring bit. That's almost standard error > message on FreeBSD-Gnome. The relevant bit for the error is in fact: > slim: gkr-pam: no password is available for user > However, the user cannot login on a tty without providing a password. > > For ssh, the same error and dropped connection occurs for all users. sshd > was modified to allow root login. All users have valid home directories > defined. From /etc/passwd; I wonder if this has anything to do with it? > sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/*nologin* > >>> Could it be a dud /root/.tcshrc? Or /etc/login.conf? > The accounts which try to ssh login also login on host proper and do not > have any login issues when logging-in directly on host - so I think we can > eliminate these problems. > > I'm now really guessing - I've not tried 9.2-RELEASE. Given these things are usually really obvious when you finally spot them (it happens to me a lot, anyway), here are a few obvious things you could think of in case it helps. First off, ssh is different from a console login so what's in sshd_config matters. That said, the defaults generally work (or used to). In no particular order, in sshd_config: PasswordAuthentication must be "yes" KerberosOrLocalPasswd probably "yes" AllowUsers, AllowGroups, DenyUsers and DenyGroups need to be set correctly. ChrootDirectory - this could cause fun if it's set to something. Other things that might be interesting are UseLogin and UsePAM. If this was a fundamental problem with changed defaults in 9.2, I'm sure a lot more people would have complained. Regards, Frank.