Date:      Sat, 9 Jun 2001 15:02:51 -0700 (PDT)
From:      Matt Dillon <dillon@earth.backplane.com>
To:        Mark Murray <mark@grondar.za>
Cc:        Christopher Schulte <christopher@schulte.org>, Henk Wevers <henk@home.cg.nu>, <stable@FreeBSD.ORG>
Subject:   Re: ssh RSA login faild! with keys HELP
Message-ID:  <200106092202.f59M2p809657@earth.backplane.com>
References:   <5.1.0.14.0.20010609161831.0256eec0@pop.schulte.org>

    (Mark, my buildworld is as-of midnight June 7th and it still breaks for me,
    could you clarify the situation with libpam and sshd?)

    I don't see a mention of openssh being the problem.  I did an upgrade
    myself today and hit the same problem.... pam_setcred() failed, permission
    denied.

    Fortunately though, being a programmer, I can try to track things down.
    What I came up with is that the 5/3 PAM import seems to have introduced
    some sort of 'cached error code' feature.  The PAM_SETCRED command
    assumes that the chain has already been executed and sets the
    use_cached_chain variable to 1.

    Unfortunately, at least insofar as openssh goes, the chain being called
    appears to have NOT been called already, so the cached values are set to
    the default, which is -1, which produces the error.

    Turning off use_cached_chain in the pam library appears to solve the
    problem.  i.e. in /usr/src/contrib/libpam/libpam/pam_dispatch.c.

    THIS MAY NOT BE THE CORRECT SOLUTION!  But it worked for me.  Since
    Mark M is responsible for this import, maybe he can shed some light
    on the problem.  I've CC'd him.

						-Matt
   
Index: pam_dispatch.c
===================================================================
RCS file: /home/ncvs/src/contrib/libpam/libpam/pam_dispatch.c,v
retrieving revision 1.1.1.1.6.1
diff -u -r1.1.1.1.6.1 pam_dispatch.c
--- pam_dispatch.c	2001/06/07 09:07:32	1.1.1.1.6.1
+++ pam_dispatch.c	2001/06/09 21:48:20
@@ -270,7 +270,7 @@
 	break;
     case PAM_SETCRED:
 	h = pamh->handlers.conf.setcred;
-	use_cached_chain = 1;
+	use_cached_chain = 0;
 	break;
     case PAM_ACCOUNT:
 	h = pamh->handlers.conf.acct_mgmt;
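
Review bot: In the PAM_SETCRED case, hard-coding use_cached_chain = 0 disables the cached-chain path for every caller, including callers that did execute the chain beforehand, not only for the situation described in the message where nothing has been cached and the value is still the default -1. Consider keeping use_cached_chain = 1 and falling back to a normal chain run only when the cached values are still at that default, and add a comment at this case saying why setcred is handled this way. Since the cached result decides which modules' setcred runs, it is worth confirming the intended semantics with the maintainer of the import before committing.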
