Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 4 Aug 2012 16:56:56 GMT
From:      Dmitry Kazarov <d.y.kazarov@mail.ru>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/170373: after FreeBSD-SA-11:09.pam_ssh patch the pam_ssh module now requests for PAM key
Message-ID:  <201208041656.q74GuuM1038188@red.freebsd.org>
Resent-Message-ID: <201208041700.q74H0KaC041748@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         170373
>Category:       misc
>Synopsis:       after FreeBSD-SA-11:09.pam_ssh patch the pam_ssh module now requests for PAM key
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Aug 04 17:00:19 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Dmitry Kazarov
>Release:        9.1-PRERELEASE
>Organization:
>Environment:
FreeBSD Trudiaga.localdomain 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #0: Sun Jul 29 04:54:44 MSK 2012     root@Trudiaga.localdomain:/var/obj/usr/src/sys/GENERIC  amd64
>Description:
Since revision 1.47.2.2 pam_ssh began to request for PEM password after SSH passphrase:

FreeBSD/amd64 (Trudiaga.localdomain) (ttyv4)

login: user
SSH passphrase:
Enter PEM pass phrase:
Last login: Sat Aug  4 13:29:36 on ttyv4

And any key sequence could be specified for successful login.

This behavior breaks xscreensaver - it no more capable to unlock screen since request for PEM pass is not handled by it.
>How-To-Repeat:

>Fix:
--- pam_ssh.c.orig	2011-12-11 20:57:27.000000000 +0400
+++ pam_ssh.c	2012-08-04 20:56:18.000000000 +0400
@@ -110,7 +110,7 @@
 	 * with an empty passphrase, and if the key is not encrypted,
 	 * accept only an empty passphrase.
 	 */
-	key = key_load_private(fn, NULL, &comment);
+	key = key_load_private(fn, "", &comment);
 	if (key != NULL && !(*passphrase == '\0' && nullok)) {
 		key_free(key);
 		return (NULL);


>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201208041656.q74GuuM1038188>