Date: Fri, 20 Feb 2004 09:42:47 +1100 From: Tig <tigger@onemoremonkey.com> To: freebsd-security@freebsd.org Subject: Re: secuirty bug with /etc/login.access Message-ID: <20040220094247.220247ca@piglet.goo> In-Reply-To: <xzpwu6jul9h.fsf@dwp.des.no> References: <20040219120450.1854b521@piglet.goo> <20040219123349.GB23725@yagonna.de> <xzpwu6jul9h.fsf@dwp.des.no>
index | next in thread | previous in thread | raw e-mail
On Thu, 19 Feb 2004 16:44:26 +0100 des@des.no (Dag-Erling Smørgrav) wrote: > Sven Pfeifer <sven@yagonna.de> writes: > > this looks like, you have configured > > > > PasswordAuthentication yes > > and > > Protocol 2,1 > > > > in your servers /etc/ssh/sshd_config. So your client is trying to > > authenticate to the _local_ id-File. If this is failing (3 times) > > then it tries the PasswordAuthentication at the _remote_ maschine. > > Uh, no. There is never any attempt by the client to authenticate the > user against the client machine's password database. All four prompts > are issued by the remote machine. The first three are from PAM, the > fourth is OpenSSH's built-in password authentication which apparently > does not respect login.access. The solution is to disable password > authentication in /etc/ssh/sshd_config; this should be the default now > that PAM works. > > DES > -- > Dag-Erling Smørgrav - des@des.no OK, Thanks, but do you mean; 'this should be the default now that PAM works, because I have have just update the CVS repository' or.. 'this should be the default now that PAM works, but its not at the moment. Someone will (hopefully) fix it soon' -Tighelp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040220094247.220247ca>