Date: Wed, 26 Jun 2002 15:19:26 +0300 From: Peter Pentchev <roam@ringlet.net> To: Maxim Kozin <madmax@express.ru> Cc: security@FreeBSD.ORG Subject: Re: openssh-portable and s/key passwords Message-ID: <20020626121924.GH355@straylight.oblivion.bg> In-Reply-To: <Pine.BSF.4.05.10206261545280.25413-100000@ds.express.ru> References: <3D19A714.6000408@cerint.pl> <Pine.BSF.4.05.10206261545280.25413-100000@ds.express.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
--LiQwW4YX+w4axhAx Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jun 26, 2002 at 04:09:49PM +0400, Maxim Kozin wrote: > > I'm not sure if it's relevant to FreeBSD but debian advisory > > http://www.debian.org/security/2002/dsa-134 > > says: > >=20 > > * keyboard interactive authentication does not work with privilege se= peration. > > Most noticable for Debian users this breaks PAM modules which need a PA= M conversation > > function (like the OPIE module). >=20 > Problem: setup openssh + pam(some self-write module) > When I don't create full chroot enviromnet in /usr/local/empty,=20 > sshd -d -d -d fail in start_pam. > All symbol in my_pam.so must be resolved on privsep step, because > copy in chroot all need libs,/etc/pam.conf and /etc/passwd > Now I can see, that pam started, make succefuly auth. > BUt session disconected with diagnostic: > debug3: monitor_read: checking request 24 > debug3: mm_send_keystate: Finished sending state > monitor_read: unsupported request: 24 > debug1: Calling cleanup 0x806d98c(0x0) >=20 > "Request type 24" is some about tty/pty ? Could you try creating the tty* and possibly the pty* device nodes in the chroot environment's /dev? G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 This sentence claims to be an Epimenides paradox, but it is lying. --LiQwW4YX+w4axhAx Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE9GbFM7Ri2jRYZRVMRAqkVAJwJZtcKKLE2xjEexyaKRS/ea86VcwCgtwN7 DpQpoEC7d9u+pt88eUOyrgY= =7PPG -----END PGP SIGNATURE----- --LiQwW4YX+w4axhAx-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020626121924.GH355>