From owner-freebsd-stable Mon Jul 22 13:37:27 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0B2BD37B400 for ; Mon, 22 Jul 2002 13:37:24 -0700 (PDT) Received: from verdi.nethelp.no (verdi.nethelp.no [194.19.15.2]) by mx1.FreeBSD.org (Postfix) with SMTP id 87BFF43E3B for ; Mon, 22 Jul 2002 13:37:22 -0700 (PDT) (envelope-from sthaug@nethelp.no) Received: (qmail 4898 invoked by uid 1001); 22 Jul 2002 20:37:19 +0000 (GMT) To: Gerhard.Sittig@gmx.net Cc: freebsd-stable@freebsd.org Subject: Re: PAM... HELP!! From: sthaug@nethelp.no In-Reply-To: Your message of "Mon, 22 Jul 2002 21:50:28 +0200" References: <20020722215028.D1494@shell.gsinet.sittig.org> X-Mailer: Mew version 1.05+ on Emacs 19.34.2 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Date: Mon, 22 Jul 2002 22:37:19 +0200 Message-ID: <4896.1027370239@verdi.nethelp.no> Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > > > Hi, I recently did a make world on a remote system, and now find myself > > > locked out, apart from one SSH connection I left running, however, dialups > > > don't last forever and I will have to close that connection soon. Is there > > > any way I can get SSH to work around PAM for the meantime, and is this > > > problem fixed yet (a desparate cvsup is now in progress) > > > > What worked for me: > > > > - install new /etc/pam.conf (from /usr/src/etc/pam.conf) > > - install new /etc/ssh/sshd_config (from /usr/src/crypto/openssh/sshd_config) > > This is another way of saying "I ran mergemaster". Except this is quite a bit quicker. > > - restart the running master sshd (/usr/sbin/sshd) > > This is another way of saying "I started sshd after running > mergemaster in single user mode". Please note what the original writer said - remote login, only one SSH connection left. In this case, mergemaster in single user mode is not an alternative. > To sum it up: The sequence of steps from UPDATING is correct > and doesn't show the problem. Those who insist in doing things > in a different way should be prepared to meet failures and are > expected to (be able to) help themselves out. (yes, I can > certainly be considered a smartass:) I tried to answer based on having seen the same problem myself, and what I did to solve it. I can well believe that following the steps in UPDATING would have worked if used from the start - but it's not always an alternative when you are locked out. > One might get away often times without running single user mode. > But one should be prepared when it doesn't work. There is a > reason for the suggested procedure (often explained and easily > found in the archive, search for "updat" or "single user" and > "colo" or "remote"). Remote upgrade (without single user, only a network connection) has been a lifesaver for me many times, and I certainly plan to continue doing upgrades this way. Yes, I am indeed prepared for the occasional failure - but as long as it works for me in 95% or 99% of the cases, it saves me a lot of time and frustration. Steinar Haug, Nethelp consulting, sthaug@nethelp.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message