Date: Sat, 4 Aug 2012 16:56:56 GMT From: Dmitry Kazarov <d.y.kazarov@mail.ru> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/170373: after FreeBSD-SA-11:09.pam_ssh patch the pam_ssh module now requests for PAM key Message-ID: <201208041656.q74GuuM1038188@red.freebsd.org> Resent-Message-ID: <201208041700.q74H0KaC041748@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 170373 >Category: misc >Synopsis: after FreeBSD-SA-11:09.pam_ssh patch the pam_ssh module now requests for PAM key >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Aug 04 17:00:19 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Dmitry Kazarov >Release: 9.1-PRERELEASE >Organization: >Environment: FreeBSD Trudiaga.localdomain 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #0: Sun Jul 29 04:54:44 MSK 2012 root@Trudiaga.localdomain:/var/obj/usr/src/sys/GENERIC amd64 >Description: Since revision 1.47.2.2 pam_ssh began to request for PEM password after SSH passphrase: FreeBSD/amd64 (Trudiaga.localdomain) (ttyv4) login: user SSH passphrase: Enter PEM pass phrase: Last login: Sat Aug 4 13:29:36 on ttyv4 And any key sequence could be specified for successful login. This behavior breaks xscreensaver - it no more capable to unlock screen since request for PEM pass is not handled by it. >How-To-Repeat: >Fix: --- pam_ssh.c.orig 2011-12-11 20:57:27.000000000 +0400 +++ pam_ssh.c 2012-08-04 20:56:18.000000000 +0400 @@ -110,7 +110,7 @@ * with an empty passphrase, and if the key is not encrypted, * accept only an empty passphrase. */ - key = key_load_private(fn, NULL, &comment); + key = key_load_private(fn, "", &comment); if (key != NULL && !(*passphrase == '\0' && nullok)) { key_free(key); return (NULL); >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201208041656.q74GuuM1038188>