Date: Fri, 8 Jun 2001 17:27:07 -0400 From: "Patrick Bihan-Faou" <patrick@netzuno.com> To: <freebsd-stable@freebsd.org> Subject: Re: Two pam/ssh questions. Message-ID: <HJEEKLMFLKEOKHOKNPBMEEAJCPAA.patrick@netzuno.com>
next in thread | raw e-mail | index | archive | help
Hi,
> > Second, I 'cvsup'd a couple of days ago, did a 'make world' last night
> > and now am getting "sshd[NNN]: PAM setcred failed[6]: Permission denied"
> > errors whenever I tried to ssh in from the outside.
I am running in the same problem. In my setup, this occurs only when I am
using RSA or DSA authentication (instead of clear-text password).
Since I want password based authentication disabled, I hacked the code to
not die if the setcred fails:
root@zeweb# cvs -d /cvs diff -u auth-pam.c
Index: auth-pam.c
===================================================================
RCS file: /cvs/freebsd/src/crypto/openssh/auth-pam.c,v
retrieving revision 1.2.2.1
diff -u -r1.2.2.1 auth-pam.c
--- auth-pam.c 2001/01/12 04:25:54 1.2.2.1
+++ auth-pam.c 2001/06/08 21:15:05
@@ -30,7 +30,7 @@
#include "xmalloc.h"
#include "servconf.h"
-RCSID("$FreeBSD: auth-pam.c,v 1.2.2.1 2001/01/12 04:25:54 green Exp $");
+RCSID("$FreeBSD$");
#define NEW_AUTHTOK_MSG \
"Warning: Your password has expired, please change it now"
@@ -261,7 +261,7 @@
debug("PAM establishing creds");
pam_retval = pam_setcred(pamh, PAM_ESTABLISH_CRED);
if (pam_retval != PAM_SUCCESS) {
- fatal("PAM setcred failed[%d]: %.200s",
+ debug("PAM setcred failed[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
}
This is not likely to be the proper thing to do, but it works for me right
now. This has been broken recently (I think PAM has just been updated
in -STABLE, this could be why).
patrick.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?HJEEKLMFLKEOKHOKNPBMEEAJCPAA.patrick>