From owner-freebsd-stable Fri Jun 8 14:27:50 2001 Delivered-To: freebsd-stable@freebsd.org Received: from stlaurent.mindstep.com (stlaurent.mindstep.com [216.18.127.174]) by hub.freebsd.org (Postfix) with ESMTP id 842EC37B428 for ; Fri, 8 Jun 2001 14:27:41 -0700 (PDT) (envelope-from patrick@netzuno.com) Received: from grouch (grouch.local.mindstep.com [192.168.0.10]) by zunobox.local.mindstep.com (Postfix) with SMTP id E141C98DC for ; Fri, 8 Jun 2001 17:26:05 -0400 (EDT) From: "Patrick Bihan-Faou" To: Subject: Re: Two pam/ssh questions. Date: Fri, 8 Jun 2001 17:27:07 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, > > Second, I 'cvsup'd a couple of days ago, did a 'make world' last night > > and now am getting "sshd[NNN]: PAM setcred failed[6]: Permission denied" > > errors whenever I tried to ssh in from the outside. I am running in the same problem. In my setup, this occurs only when I am using RSA or DSA authentication (instead of clear-text password). Since I want password based authentication disabled, I hacked the code to not die if the setcred fails: root@zeweb# cvs -d /cvs diff -u auth-pam.c Index: auth-pam.c =================================================================== RCS file: /cvs/freebsd/src/crypto/openssh/auth-pam.c,v retrieving revision 1.2.2.1 diff -u -r1.2.2.1 auth-pam.c --- auth-pam.c 2001/01/12 04:25:54 1.2.2.1 +++ auth-pam.c 2001/06/08 21:15:05 @@ -30,7 +30,7 @@ #include "xmalloc.h" #include "servconf.h" -RCSID("$FreeBSD: auth-pam.c,v 1.2.2.1 2001/01/12 04:25:54 green Exp $"); +RCSID("$FreeBSD$"); #define NEW_AUTHTOK_MSG \ "Warning: Your password has expired, please change it now" @@ -261,7 +261,7 @@ debug("PAM establishing creds"); pam_retval = pam_setcred(pamh, PAM_ESTABLISH_CRED); if (pam_retval != PAM_SUCCESS) { - fatal("PAM setcred failed[%d]: %.200s", + debug("PAM setcred failed[%d]: %.200s", pam_retval, PAM_STRERROR(pamh, pam_retval)); } } This is not likely to be the proper thing to do, but it works for me right now. This has been broken recently (I think PAM has just been updated in -STABLE, this could be why). patrick. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message