Date: Thu, 14 Feb 2002 11:47:13 +0200 (SAST) From: Gareth Hopkins <gareth@za.uu.net> To: security@freebsd.org Subject: Problems with openssh, kerberos5 and PAM Message-ID: <20020214111521.S4035-100000@yacko.fw.uunet.co.za>
next in thread | raw e-mail | index | archive | help
Hi, I am having the following problem with openssh, kerberos5 and pam authentication. SSH version is OpenSSH_2.9 FreeBSD localisations 20011202, SSH protocols 1.5/2.0, OpenSSL 0x0090601f On the server side when someone logs in with no kerberos tickets and enters their kerberos password the sshd daemon dies with the following error [root@server]/var/mail $ sshd -d debug1: sshd version OpenSSH_2.9 FreeBSD localisations 20011202 debug1: private host key: #0 type 0 RSA1 debug1: read PEM private key done: type DSA debug1: private host key: #1 type 2 DSA debug1: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. Generating 768 bit RSA key. RSA key generation complete. debug1: Server will not fork when running in debugging mode. Connection from servername.foo.bar port 59250 Connection from x.x.x.x port 59250 debug1: Client protocol version 1.5; client software version 1.2.27 debug1: no match: 1.2.27 debug1: Local version string SSH-1.5-OpenSSH_2.9 FreeBSD localisations 20011202 debug1: Rhosts Authentication disabled, originating port not trusted. debug1: Sent 768 bit server key and 1024 bit host key. debug1: Encryption type: 3des debug1: Received session key; encryption turned on. debug1: Installing crc compensation attack detector. debug1: Starting up PAM with username "ghopkins" debug1: Attempting authentication for ghopkins. debug1: temporarily_use_uid: 1000/20 (e=0) debug1: restore_uid Failed rsa for ghopkins from x.x.x.x port 59250 debug1: PAM Password authentication accepted for user "ghopkins" Accepted password for ghopkins from x.x.x.x port 59250 debug1: PAM setting rhost to "servername.foo.bar" debug1: session_new: init debug1: session_new: session 0 debug1: Allocating pty. debug1: PAM setting tty to "/dev/ttypc" debug1: do_pam_session: euid 0, uid 0 debug1: PAM establishing creds Bus error /etc/pam.conf has the following sshd auth sufficient pam_krb5.so try_first_pass sshd auth required pam_unix.so sshd account sufficient pam_krb5.so try_first_pass sshd account required pam_unix.so sshd session sufficient pam_krb5.so try_first_pass sshd session required pam_unix.so Any ideas what the problem could be? --- Gareth Hopkins Server Operations UUNET SA, a WorldCom Company (o) +27.21.658.8700 (f) +27.21.658.8552 (m) +27.82.389.5389 http://www.uunet.co.za 08600 UUNET (08600 88638) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020214111521.S4035-100000>