OpenSSH and PAM
Posted on 2005-04-15
I'm trying to auth myself over ssh via PAM against an OpenLDAP server! I have added myself in the LDAP server, started up the ldap_cachemgr on my Solaris 10 machine, and it finds my user with getent passwd. Next I have added the following lines to my pam.conf:
sshd auth requisite pam_authtok_get.so.1
sshd auth required pam_dhkeys.so.1
sshd auth sufficient pam_unix_auth.so.1
sshd auth required pam_ldap.so.1 try_first_pass
I run OpenSSH 3.9 compiled with the --with-pam=yes flag. My sshd_conf contains the line UsePam=Yes. I turn on debug mode 1 and try to ssh in to the server. This is what I get from sshd.log (somewhat stripped):
debug1: PAM: initializing for "test"
PAM: setting PAM_RHOST to "clienthost"
PAM: setting PAM_TTY to "ssh"
Failed none for test from clientip port 50784 ssh2
PAM: num PAM env strings 0
Accepted keyboard-interactive/pam for linus from clientip port 50784 ssh2
monitor_child_preauth: test has been authenticated by privileged process
debug1: PAM: reinitializing credentials
[ID 800047 local6.crit]fatal: PAM: pam_setcred(): Failure setting user credentials
So it does authenticate me, but it dies on the pam_setcred().
Got any idea why? How to fix?