Date: Wed, 26 Jun 2002 15:19:26 +0300
From: Peter Pentchev
To: Maxim Kozin
Cc: security@FreeBSD.ORG
Subject: Re: openssh-portable and s/key passwords

On Wed, Jun 26, 2002 at 04:09:49PM +0400, Maxim Kozin wrote:
> > I'm not sure if it's relevant to FreeBSD but debian advisory
> > http://www.debian.org/security/2002/dsa-134
> > says:
> >
> > * keyboard interactive authentication does not work with privilege separation.
> > Most noticeable for Debian users this breaks PAM modules which need a PAM conversation
> > function (like the OPIE module).
>
> Problem: setup openssh + pam(some self-write module)
> When I don't create full chroot environment in /usr/local/empty,
> sshd -d -d -d fail in start_pam.
> All symbol in my_pam.so must be resolved on privsep step, because
> copy in chroot all need libs, /etc/pam.conf and /etc/passwd
> Now I can see, that pam started, make successfully auth.
> But session disconnected with diagnostic:
> debug3: monitor_read: checking request 24
> debug3: mm_send_keystate: Finished sending state
> monitor_read: unsupported request: 24
> debug1: Calling cleanup 0x806d98c(0x0)
>
> "Request type 24" is some about tty/pty?

Could you try creating the tty* and possibly the pty* device nodes
in the chroot environment's /dev?

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
This sentence claims to be an Epimenides paradox, but it is lying.