From owner-freebsd-bugs@FreeBSD.ORG Tue Aug 26 04:00:38 2003 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1904A16A4BF for ; Tue, 26 Aug 2003 04:00:38 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8389C44060 for ; Tue, 26 Aug 2003 04:00:35 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h7QB0ZUp054923 for ; Tue, 26 Aug 2003 04:00:35 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h7QB0ZtU054910; Tue, 26 Aug 2003 04:00:35 -0700 (PDT) Resent-Date: Tue, 26 Aug 2003 04:00:35 -0700 (PDT) Resent-Message-Id: <200308261100.h7QB0ZtU054910@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, "James F. Hranicky" Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B180F16A4C0 for ; Tue, 26 Aug 2003 03:53:02 -0700 (PDT) Received: from myrtle.cise.ufl.edu (myrtle.cise.ufl.edu [128.227.205.228]) by mx1.FreeBSD.org (Postfix) with ESMTP id 30D1B43FBF for ; Tue, 26 Aug 2003 03:53:00 -0700 (PDT) (envelope-from jfh@myrtle.cise.ufl.edu) Received: from myrtle.cise.ufl.edu (localhost [127.0.0.1]) by myrtle.cise.ufl.edu (8.12.9/8.12.9) with ESMTP id h7QAr0Q6007606 for ; Tue, 26 Aug 2003 06:53:00 -0400 (EDT) (envelope-from jfh@myrtle.cise.ufl.edu) Received: (from jfh@localhost) by myrtle.cise.ufl.edu (8.12.9/8.12.9/Submit) id h7QAqxVW007605; Tue, 26 Aug 2003 06:52:59 -0400 (EDT) Message-Id: <200308261052.h7QAqxVW007605@myrtle.cise.ufl.edu> Date: Tue, 26 Aug 2003 06:52:59 -0400 (EDT) From: "James F. Hranicky" To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: conf/55991: sshd: problems with HostBasedAuthentication and NSS compat mode X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: "James F. Hranicky" List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Aug 2003 11:00:38 -0000 >Number: 55991 >Category: conf >Synopsis: sshd: problems with HostBasedAuthentication and NSS compat mode >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Aug 26 04:00:34 PDT 2003 >Closed-Date: >Last-Modified: >Originator: James F. Hranicky >Release: FreeBSD 5.1-CURRENT i386 >Organization: University of Florida CISE Department >Environment: System: FreeBSD myrtle 5.1-CURRENT FreeBSD 5.1-CURRENT #1: Mon Aug 11 17:15:47 EDT 2003 root@myrtle:/private/freebsd-src/obj/private/freebsd-src/src/sys/CISEKERN i386 >Description: When using HostBasedAuthentication with sshd and NSS compat mode, there are problems during login. When /etc/netgroup is non-existent, empty, or containing a '+', sshd hangs forever at the following place: debug1: KEX done debug1: userauth-request for user jfh service ssh-connection method none debug1: attempt 0 failures 0 debug1: PAM: initializing for "jfh" debug1: PAM: setting PAM_RHOST to "waterspout.cise.ufl.edu" Failed none for jfh from 128.227.205.52 port 64977 ssh2 Failed none for jfh from 128.227.205.52 port 64977 ssh2 debug1: userauth-request for user jfh service ssh-connection method hostbased debug1: attempt 1 failures 1 debug1: userauth_hostbased: cuser jfh chost waterspout.cise.ufl.edu. pkalg ssh-dss slen 55 Failed hostbased for jfh from 128.227.205.52 port 64977 ssh2 debug1: userauth-request for user jfh service ssh-connection method hostbased debug1: attempt 2 failures 2 debug1: userauth_hostbased: cuser jfh chost waterspout.cise.ufl.edu. pkalg ssh-rsa slen 143 Failed hostbased for jfh from 128.227.205.52 port 64977 ssh2 debug1: userauth-request for user jfh service ssh-connection method keyboard-interactive debug1: attempt 3 failures 3 debug1: keyboard-interactive devs debug1: auth2_challenge: user=jfh devs= debug1: kbdint_alloc: devices 'pam' debug1: auth2_challenge_start: trying authentication method 'pam' Program received signal SIGINT, Interrupt. 0x282e987f in read () at {standard input}:15 15 {standard input}: No such file or directory. in {standard input} Current language: auto; currently asm (gdb) where #0 0x282e987f in read () at {standard input}:15 #1 0x281409ab in atomicio (f=0x5, fd=-1077940272, _s=0xbfbfeff8, n=674583073) at /private/freebsd-src/src/crypto/openssh/atomicio.c:45 #2 0x281286a9 in ssh_msg_recv (fd=5, m=0xbfbfefd0) at /private/freebsd-src/src/crypto/openssh/msg.c:58 #3 0x08062bb5 in pam_query (ctx=0x807a870, name=0x7, info=0x7, num=0xbfbff024, prompts=0xbfbff028, echo_on=0xbfbff02c) at /private/freebsd-src/src/crypto/openssh/auth2-pam-freebsd.c:397 #4 0x0805ef2a in mm_answer_pam_query (socket=3, m=0xbfbff060) at /private/freebsd-src/src/crypto/openssh/monitor.c:799 #5 0x0805e51a in monitor_read (pmonitor=0x8075580, ent=0x8070320, pent=0xbfbff0ac) at /private/freebsd-src/src/crypto/openssh/monitor.c:388 #6 0x0805e208 in monitor_child_preauth (pmonitor=0x8075580) at /private/freebsd-src/src/crypto/openssh/monitor.c:301 #7 0x0804ed1f in privsep_preauth () at /private/freebsd-src/src/crypto/openssh/sshd.c:605 #8 0x0805087a in main (ac=64977, av=0x807a7b0) at /private/freebsd-src/src/crypto/openssh/sshd.c:1523 #9 0x0804e1a2 in _start (ap=0xbfbffaf0 "/usr/sbin/sshd") at /private/freebsd-src/src/lib/csu/i386-elf/crt1.c:104 ssh on the client side never prompts for a password. When /etc/netgroup contains valid data (i.e., "ypcat -k netgroup > /etc/netgroup"), sshd coredumps: debug1: KEX done debug1: userauth-request for user jfh service ssh-connection method none debug1: attempt 0 failures 0 debug1: PAM: initializing for "jfh" debug1: PAM: setting PAM_RHOST to "waterspout.cise.ufl.edu" Failed none for jfh from 128.227.205.52 port 47968 ssh2 Failed none for jfh from 128.227.205.52 port 47968 ssh2 debug1: userauth-request for user jfh service ssh-connection method hostbased debug1: attempt 1 failures 1 debug1: userauth_hostbased: cuser jfh chost waterspout.cise.ufl.edu. pkalg ssh-dss slen 55 Program received signal SIGSEGV, Segmentation fault. 0x2830d7d7 in getnetgrent (hostp=0x80db2b0, userp=0x80db2b0, domp=0x80db2b0) at /private/freebsd-src/src/lib/libc/gen/getnetgrent.c:231 (gdb) where #0 0x2830d7d7 in getnetgrent (hostp=0x80db2b0, userp=0x80db2b0, domp=0x80db2b0) at /private/freebsd-src/src/lib/libc/gen/getnetgrent.c:231 #1 0x2830cfdd in compat_passwd (retval=0xbfbfee28, mdata=0x2, ap=0x4 ) at /private/freebsd-src/src/lib/libc/gen/getpwent.c:1531 #2 0x2833091b in _nsdispatch (retval=0xbfbfee28, disp_tab=0x28362020, database=0x2835bd87 "passwd", method_name=0x2835bdad "getpwuid_r", defaults=0x28361ec0) at /private/freebsd-src/src/lib/libc/net/nsdispatch.c:601 #3 0x2830aa95 in getpwuid_r (uid=135115440, pwd=0x28369580, buffer=0x80db2b0 , bufsize=135115440, result=0xbfbfee28) at /private/freebsd-src/src/lib/libc/gen/getpwent.c:332 #4 0x2830ac9b in wrap_getpwuid_r (key= {name = 0x80db2b0 , uid = 135115440}, pwd=0x80db2b0, buffer=0x80db2b0 , bufsize=135115440, res=0x80db2b0) at /private/freebsd-src/src/lib/libc/gen/getpwent.c:406 #5 0x2830ab9b in getpw (fn=0x2830ac60 , key={name = 0xbfbfee28 "", uid = 3217026600}) at /private/freebsd-src/src/lib/libc/gen/getpwent.c:377 #6 0x2830ad49 in getpwuid (uid=135115440) at /private/freebsd-src/src/lib/libc/gen/getpwent.c:434 #7 0x2812df7f in tilde_expand_filename (filename=0x8068d41 "/.ssh/known_hosts", my_uid=135115440) at /private/freebsd-src/src/crypto/openssh/tildexpand.c:48 #8 0x08056be6 in check_key_in_hostfiles (pw=0x8079400, key=0x8089100, host=0x808c160 "waterspout.cise.ufl.edu", sysfile=0x80db2b0 , userfile=0x8068d40 "~/.ssh/known_hosts") at /private/freebsd-src/src/crypto/openssh/auth.c:389 #9 0x080620df in hostbased_key_allowed (pw=0x8079400, cuser=0x80890e0 "jfh", chost=0x808c1c0 "waterspout.cise.ufl.edu", key=0x8089100) at /private/freebsd-src/src/crypto/openssh/auth2-hostbased.c:164 #10 0x0805f410 in mm_answer_keyallowed (socket=135115440, m=0xbfbff070) at /private/freebsd-src/src/crypto/openssh/monitor.c:909 #11 0x0805e51a in monitor_read (pmonitor=0x8075580, ent=0x8070344, pent=0xbfbff0bc) at /private/freebsd-src/src/crypto/openssh/monitor.c:388 #12 0x0805e208 in monitor_child_preauth (pmonitor=0x8075580) at /private/freebsd-src/src/crypto/openssh/monitor.c:301 #13 0x0804ed1f in privsep_preauth () at /private/freebsd-src/src/crypto/openssh/sshd.c:605 #14 0x0805087a in main (ac=47968, av=0x807a7b0) at /private/freebsd-src/src/crypto/openssh/sshd.c:1523 #15 0x0804e1a2 in _start (ap=0xbfbffb00 "/usr/sbin/sshd") at /private/freebsd-src/src/lib/csu/i386-elf/crt1.c:104 I have the trusted netgroup in /etc/hosts.equiv. I have the following in /etc/nsswitch.conf: passwd: compat group: compat >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: >Unformatted: