Date: Wed, 26 Jun 2002 16:09:49 +0400 (MSD)
From: Maxim Kozin
To: security@FreeBSD.ORG
Subject: Re: openssh-portable and s/key passwords
In-Reply-To: <3D19A714.6000408@cerint.pl>

> I'm not sure if it's relevant to FreeBSD but debian advisory
> http://www.debian.org/security/2002/dsa-134
> says:
>
> * keyboard interactive authentication does not work with privilege separation.
> Most noticeable for Debian users this breaks PAM modules which need a PAM conversation
> function (like the OPIE module).

Problem: the setup is openssh + PAM (a self-written module).

When I don't create a full chroot environment in /usr/local/empty,
sshd -d -d -d fails in start_pam.
All symbols in my_pam.so must be resolved at the privsep step, so because of that
I copied into the chroot all the needed libs, /etc/pam.conf and /etc/passwd.

Now I can see that PAM starts and authenticates successfully.
But the session is disconnected with this diagnostic:

debug3: monitor_read: checking request 24
debug3: mm_send_keystate: Finished sending state
monitor_read: unsupported request: 24
debug1: Calling cleanup 0x806d98c(0x0)

Is "Request type 24" something about tty/pty?

b.r.
Kozin Maxim