Date: Mon, 3 Feb 2003 05:14:46 -0800
From: "David P. Reese Jr."
To: "Jacques A. Vidrine"
Cc: current@FreeBSD.org
Subject: Re: pam is chatty when logging in via ssh
Message-ID: <20030203131446.GA95050@tombstone.localnet.gomerbud.com>
References: <20030203095445.GA93804@tombstone.localnet.gomerbud.com> <20030203121303.GC69322@opus.celabo.org>
In-Reply-To: <20030203121303.GC69322@opus.celabo.org>

On Mon, Feb 03, 2003 at 06:13:03AM -0600, Jacques A. Vidrine wrote:
> On Mon, Feb 03, 2003 at 01:54:45AM -0800, David P. Reese Jr. wrote:
> > On current as of about four hours ago, sshd spits the following to the console
> > after a successful login:
> >
> > Feb 3 01:41:29 metropolis sshd[550]: in _openpam_check_error_code(): pam_sm_setcred(): unexpected return value 24
> >
> > It seems harmless, but pam doesn't sound happy. I did notice that mergemaster
> > updated /etc/pam/sshd by adding some krb5 lines.
>
> That's odd. Assuming that pam_krb5 is the module which is returning
> `24', I fixed that 4 days ago (Wed Jan 29 21:20:38 2003 UTC). Are you
> certain you have rebuilt pam_krb5? What is the output of `ident
> /usr/lib/pam_krb5.so' (should show revision 1.13 or later).

I cvsuped again to get des's recent changes and built world. After a fresh
install, when trying to ssh in I get:

Feb 3 05:02:36 metropolis sshd[3695]: in openpam_load_module(): no pam_krb5.so found
Feb 3 05:02:36 metropolis sshd[3695]: fatal: PAM: initialisation failed

It seems that {build,install}world forgot about pam_krb5.

[daver@metropolis:~]$ ll /usr/lib/pam_krb5*
ls: /usr/lib/pam_krb5*: No such file or directory
[daver@metropolis:~]$ cd /usr/src/lib/libpam/modules/pam_krb5/
[daver@metropolis:/usr/src/lib/libpam/modules/pam_krb5]$ sudo make clean obj all install
... [snip] ...
[daver@metropolis:/usr/src/lib/libpam/modules/pam_krb5]$ ll /usr/lib/pam_krb5*
lrwxr-xr-x 1 root wheel 13 Feb 3 05:05 /usr/lib/pam_krb5.so@ -> pam_krb5.so.2
-r--r--r-- 1 root wheel 19432 Feb 3 05:05 /usr/lib/pam_krb5.so.2

Then we try to ssh into the machine and,

Feb 3 05:08:14 metropolis sshd[3750]: in openpam_load_module(): no pam_krb5.so found
Feb 3 05:08:14 metropolis sshd[3750]: fatal: PAM: initialisation failed

[daver@metropolis:~]$ ident /usr/lib/pam_krb5.so|grep pam_krb5
/usr/lib/pam_krb5.so:
     $FreeBSD: src/lib/libpam/modules/pam_krb5/pam_krb5.c,v 1.15 2003/02/03 09:45:41 des Exp $

> The `four hours' does indeed correspond to DES's enabling of pam_krb5
> by default in etc/pam.d/sshd.

As a workaround, I can disable krb5 by commenting out the two lines in
/etc/pam.d/sshd which contain pam_krb5.so. Then ssh works just fine.

-- 
   David P. Reese Jr.                                     daver@gomerbud.com
   --------------------------------------------------------------------------
   C               You shoot yourself in the foot.

   Assembler       You try to shoot yourself in the foot, only to discover you
                   must first invent the gun, the bullet, the trigger, and your
                   foot.

                   How to Shoot Yourself in the Foot