Date: Sat, 9 Jun 2001 15:02:51 -0700 (PDT) From: Matt Dillon <dillon@earth.backplane.com> To: Mark Murray <mark@grondar.za> Cc: Christopher Schulte <christopher@schulte.org>, Henk Wevers <henk@home.cg.nu>, <stable@FreeBSD.ORG> Subject: Re: ssh RSA login faild! with keys HELP Message-ID: <200106092202.f59M2p809657@earth.backplane.com> References: <5.1.0.14.0.20010609161831.0256eec0@pop.schulte.org>
next in thread | previous in thread | raw e-mail | index | archive | help
(Mark, my buildworld is as-of midnight June 7th and it still breaks for me, could you clarify the situation with libpam and sshd?) I don't see a mention of openssh being the problem. I did an upgrade myself today and hit the same problem.... pam_setcred() failed, permission denied. Fortunately though, being a programmer, I can try to track things down. What I came up with is that the 5/3 PAM import seems to have introduced some sort of 'cached error code' feature. The PAM_SETCRED command assumes that the chain has already been executed and sets the use_cached_chain variable to 1. Unfortunately, at least insofar as openssh goes, the chain being called appears to have NOT been called already, so the cached values set to the default, which is -1, which produces the error. Turning off use_cached_chain in the pam library appears to solve the problem. i.e. in /usr/src/contrib/libpam/libpam/pam_dispatch.c. THIS MAY NOT BE THE CORRECT SOLUTION! But it worked for me. Since Mark M is responsible for this import, maybe he can shed some light on the problem. I've CC'd him. -Matt Index: pam_dispatch.c =================================================================== RCS file: /home/ncvs/src/contrib/libpam/libpam/pam_dispatch.c,v retrieving revision 1.1.1.1.6.1 diff -u -r1.1.1.1.6.1 pam_dispatch.c --- pam_dispatch.c 2001/06/07 09:07:32 1.1.1.1.6.1 +++ pam_dispatch.c 2001/06/09 21:48:20 @@ -270,7 +270,7 @@ break; case PAM_SETCRED: h = pamh->handlers.conf.setcred; - use_cached_chain = 1; + use_cached_chain = 0; break; case PAM_ACCOUNT: h = pamh->handlers.conf.acct_mgmt; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106092202.f59M2p809657>