Date: Thu, 19 Oct 2000 12:07:43 -0400 From: Erik Fichtner <emf@servervault.com> To: freebsd-questions@freebsd.org Subject: ssh, pam, and pam_radius Message-ID: <20001019120743.H365@servervault.com>
next in thread | raw e-mail | index | archive | help
Help. FreeBSD 4.1.1-STABLE's sshd will not listen to PAM. Step 1: we go into /usr/src/secure/usr.bin/sshd, and we add the following to the Makefile: CFLAGS+= -DHAVE_LIBPAM LDADD+= -lpam Now we type make. Whoops.. cc -O -pipe -DLIBWRAP -DLOGIN_ACCESS -DLOGIN_CAP -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DHAVE_LIBPAM -DSKEY -DNO_IDEA -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth1.c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth1.c: In function `do_authloop': /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth1.c:161: syntax error before `int' *** Error code 1 Step 2: we comment out the offending int pam_retval at line 161 of auth1.c, as it's not referenced *anywhere*.. (which is a dramatically bad omen, if you ask me...) make. Yay. it builds. make install. ldd /usr/sbin/sshd /usr/sbin/sshd: libpam.so.1 => /usr/lib/libpam.so.1 (0x2808b000) libopie.so.2 => /usr/lib/libopie.so.2 (0x28094000) libmd.so.2 => /usr/lib/libmd.so.2 (0x2809d000) libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x280a7000) libcrypto.so.1 => /usr/lib/libcrypto.so.1 (0x280bc000) libutil.so.3 => /usr/lib/libutil.so.3 (0x28178000) libz.so.2 => /usr/lib/libz.so.2 (0x28181000) libwrap.so.3 => /usr/lib/libwrap.so.3 (0x2818e000) libc.so.4 => /usr/lib/libc.so.4 (0x28196000) Mmm.. nice. it's got libpam built in now. So I add an "sshd auth required pam_radius.so debug" line to my pam.conf file. (and, by the way, pam_radius works just fine with login and ftpd, and yes, the "other" fallthrough is calling radius as well.) To make the long story short, sshd won't consult pam. It just goes right for the password file. So, what do I need to do to fix this? and why isn't this fixed for me already? pam and openssh cooperate just fine on other platforms. ;) Thanks .. -- Erik Fichtner Security Administrator, ServerVault, Inc. 703-333-5900 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001019120743.H365>