Date: Fri, 20 Feb 2004 09:42:47 +1100
From: Tig
To: freebsd-security@freebsd.org
Subject: Re: secuirty bug with /etc/login.access

On Thu, 19 Feb 2004 16:44:26 +0100
des@des.no (Dag-Erling Smørgrav) wrote:

> Sven Pfeifer writes:
> > this looks like, you have configured
> >
> > PasswordAuthentication yes
> > and
> > Protocol 2,1
> >
> > in your server's /etc/ssh/sshd_config. So your client is trying to
> > authenticate to the _local_ id-File. If this is failing (3 times)
> > then it tries the PasswordAuthentication at the _remote_ machine.
>
> Uh, no.  There is never any attempt by the client to authenticate the
> user against the client machine's password database.  All four prompts
> are issued by the remote machine.  The first three are from PAM, the
> fourth is OpenSSH's built-in password authentication which apparently
> does not respect login.access.  The solution is to disable password
> authentication in /etc/ssh/sshd_config; this should be the default now
> that PAM works.
>
> DES
> --
> Dag-Erling Smørgrav - des@des.no

OK, Thanks, but do you mean;

'this should be the default now that PAM works, because I have just
updated the CVS repository'

or..

'this should be the default now that PAM works, but it's not at the
moment. Someone will (hopefully) fix it soon'

-Tig
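
An added example, not part of the original thread: a shell check for the setting the quoted reply says to disable, reporting the first global PasswordAuthentication value in an sshd_config file. The function names and the three sample configs are constructed for illustration; the check assumes the first value read wins and does not follow Include files or look inside Match blocks.

```shell
#!/bin/sh
# Added example (not from the thread): audit sshd_config for the built-in
# password authentication that the quoted reply says to disable.

# Print the first global PasswordAuthentication value: yes, no, or unset.
# Assumption: first value read wins; Include files are not followed.
effective_password_auth() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)     # accept keyword=value too
            split(line, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "match") exit            # end of the global section
            if (key == "passwordauthentication") {
                val = tolower(f[2]); gsub(/"/, "", val)
                print val; found = 1; exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Exit 0 only when password authentication is explicitly disabled.
check_password_auth() {
    case "$(effective_password_auth "$1")" in
        no)  echo "$1: built-in password authentication disabled"; return 0 ;;
        yes) echo "$1: built-in password authentication enabled"; return 1 ;;
        *)   echo "$1: not set, the sshd default applies"; return 1 ;;
    esac
}

# Constructed sample configs (not taken from any real host).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf 'Protocol 2,1\nPasswordAuthentication yes\n' > "$SAMPLE_DIR/before"
printf 'Protocol 2,1\npasswordauthentication no\nPasswordAuthentication yes\n' \
    > "$SAMPLE_DIR/after"
printf 'Protocol 2,1\n#PasswordAuthentication no\n' > "$SAMPLE_DIR/commented"

for f in before after commented; do
    check_password_auth "$SAMPLE_DIR/$f" || true
done
```

The `commented` sample is the case to watch for: a commented-out line is not a setting, so the result there depends on the default of the installed sshd.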