From: Webbie
Reply-To: Webbie
Date: Sat, 8 Jul 2000 14:52:37 -0400
To: Jim Durham
Cc: freebsd-security@freebsd.org
Subject: Re: openssh and PAM
Message-ID: <14651280467.20000708145237@everyday.cx>
In-Reply-To: <39675126.D3CDCEAE@w2xo.pgh.pa.us>
References: <39675126.D3CDCEAE@w2xo.pgh.pa.us>

Hello Jim,

I have the same experience as you do. PAM is only a method to specify
how you want to verify the password. What you/me have done was to tell
sshd not to bother with pam auth and just use the default freebsd
password auth method, either MD5 or DES.

So, I don't see a security problem here.

Saturday, July 08, 2000, 12:04:54 PM, you wrote:

JD> Since this applies to a system in another galaxy far far away, I'll
JD> ask this here!

JD> I was building openssh-2.1.1p2 with openssl-0.95a on a 3.3-RELEASE
JD> box. (Yes, I know it's upgrade time, but it's a production system
JD> and I'm replacing it soon).

JD> The sshd daemon would not authenticate using the PAM stuff. I *did*
JD> install the stuff from the contrib directory in the openssh sources
JD> in /etc/pam.conf.

JD> It was suggested by a posting elsewhere that it would work by configging
JD> it with --without-pam. You then get a link error, which you can fix
JD> with -lcrypt in the Makefile.

JD> What sort of security compromise have I caused here?

JD> Thanks...

-- 
Webbie
                              \\|//
                              (o o)
+-------------------------oOOo-(_)-oOOo-----------------------------+
EMail          : mailto:webbie(at)everyday(dot)cx
PGP Key        : http://www.everyday.cx/pgpkey.txt
PGP Fingerprint: 0B9F E081 35CD B9AF 58EA 7E43 38EC C84F 4AB4 792C
+-------------------------------------------------------------------+
Dodge: Dead Or Dying Garbage Emitter

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
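
Added example, not part of the original message and not OpenSSH or FreeBSD code: with PAM out of the picture, what matters is which crypt(3) scheme ("either MD5 or DES", as the reply puts it) each account's stored hash uses, and this sketch reports that for master.passwd-format text. The function names and the sample entries are assumptions made for illustration; the hash strings are constructed filler, not real hashes.

```python
import re

# Alphabet used by crypt(3) hash encodings.
_B64 = r"[./0-9A-Za-z]"
SCHEMES = [
    ("md5", re.compile(r"^\$1\$[^$]{1,8}\$" + _B64 + r"{22}$")),  # $1$salt$hash
    ("des-extended", re.compile(r"^_" + _B64 + r"{19}$")),        # BSDi-style DES
    ("des", re.compile(r"^" + _B64 + r"{13}$")),                  # traditional DES
]

def classify_hash(field):
    """Name the crypt(3) scheme of a master.passwd password field."""
    if field == "":
        return "empty"       # no password set for the account
    if field.startswith("*"):
        return "locked"      # '*' never appears in a valid hash
    for name, pattern in SCHEMES:
        if pattern.match(field):
            return name
    return "unknown"

def audit_master_passwd(text):
    """Return {user: scheme} for each entry in master.passwd-format text."""
    result = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        # name:password:uid:gid:class:change:expire:gecos:home_dir:shell
        fields = line.split(":")
        if len(fields) != 10:
            continue
        result[fields[0]] = classify_hash(fields[1])
    return result

# Constructed sample entries (hypothetical users, filler hash strings).
SAMPLE = """\
root:$1$abcdefgh$0123456789abcdefghijkl:0:0::0:0:Charlie &:/root:/bin/csh
jim:abcdefghijklm:1001:1001::0:0:Jim:/home/jim:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
guest::1002:1002::0:0:Guest:/home/guest:/bin/sh
"""

if __name__ == "__main__":
    for user, scheme in audit_master_passwd(SAMPLE).items():
        # Traditional DES crypt uses only the first 8 password characters.
        note = "  <- weak: only 8 password characters are used" if scheme == "des" else ""
        print(f"{user:8} {scheme}{note}")
```
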