From owner-freebsd-stable@FreeBSD.ORG  Fri Nov 23 09:15:02 2007
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2A07716A46C
	for <freebsd-stable@freebsd.org>; Fri, 23 Nov 2007 09:15:02 +0000 (UTC)
	(envelope-from jdc@parodius.com)
Received: from mx01.sc1.parodius.com (mx01.sc1.parodius.com [72.20.106.3])
	by mx1.freebsd.org (Postfix) with ESMTP id 039AD13C4CC
	for <freebsd-stable@freebsd.org>; Fri, 23 Nov 2007 09:15:01 +0000 (UTC)
	(envelope-from jdc@parodius.com)
Received: by mx01.sc1.parodius.com (Postfix, from userid 1000)
	id 33E3D1CC079; Fri, 23 Nov 2007 01:14:56 -0800 (PST)
Date: Fri, 23 Nov 2007 01:14:56 -0800
From: Jeremy Chadwick <koitsu@FreeBSD.org>
To: Quan Qiu <jackqq@gmail.com>
Message-ID: <20071123091456.GA9582@eos.sc1.parodius.com>
References: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAACAAAAAAAAAAiuboouUF6EKrT2uPks5M1AAAAAD7AgAAAPYFABAAAAAdMdDZF9ebRbtpiHRx6LqFAQAAAAA=@kmjeuro.com>
	<474325A0.7060802@gmail.com>
	<200711202315.lAKNFa4R012904@fire.js.berklix.net>
	<20071121002043.GA98340@eos.sc1.parodius.com>
	<53a565700711202145q3c1a8db5k8c0d41d7ad890405@mail.gmail.com>
	<EC7D0AEA-8151-45BC-B2C4-15B5E108F404@khera.org>
	<53a565700711221721v1eb695bcy507780fc3fc30eaa@mail.gmail.com>
	<20071123052155.GA721@eos.sc1.parodius.com>
	<53a565700711222214t7cc160bcq25769f9393d75081@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <53a565700711222214t7cc160bcq25769f9393d75081@mail.gmail.com>
User-Agent: Mutt/1.5.16 (2007-06-09)
Cc: freebsd-stable@freebsd.org
Subject: Re: Software for distribution of configuration files and changes
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Nov 2007 09:15:02 -0000

On Fri, Nov 23, 2007 at 02:14:14PM +0800, Quan Qiu wrote:
> > And have you tried actually attempting to log in with root's password
> > that way?  I'm betting it doesn't work.
> 
> That really worked for me. I'm running RELENG_5. The cvsid for
> /etc/pam.d/sshd is
> # $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
> sshd version:
> OpenSSH_3.8.1p1 FreeBSD-20060930, OpenSSL 0.9.7e-p1 25 Oct 2004
> 
> My proof:
> 
> Using username "root".
> Using keyboard-interactive authentication.
> Password:
> Last login: Fri Nov 23 09:14:27 2007 from 61.136.19.236
> Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
>         The Regents of the University of California.  All rights reserved.
> 
> FreeBSD 5.5-STABLE (JACKQQNAT) #6: Mon Nov 19 21:33:30 CST 2007
> 
> root@services [~] 13:51 Fri Nov 23
> #cat /etc/pam.d/sshd
> #
> # $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
> ...
> 
> 
> Without PAM:
> 
> Using username "root".
> root@blahblah.blah's password:
> Access denied
> root@blahblah.blah's password:

Okay, so then the difference between what you're seeing and what I'm
seeing is likely attributed to either OpenSSH changes (less likely) or
PAM configuration changes between RELENG_5 and RELENG_6 (more likely).

http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/pam.d/sshd

-- 
| Jeremy Chadwick                                    jdc at parodius.com |
| Parodius Networking                           http://www.parodius.com/ |
| UNIX Systems Administrator                      Mountain View, CA, USA |
| Making life hard for others since 1977.                  PGP: 4BD6C0CB |