?
Solved

OpenSSH and PAM

Posted on 2005-04-15
2
Medium Priority
?
2,863 Views
Last Modified: 2013-12-16
Hello!

Im trying to auth myself over ssh via PAM against an OpenLDAP server! I have added myself in the ldapserver, started up the ldap_cachemgr on my solaris 10 machine and it find my user with getent passwd. Next i have added to my pam.conf the following lines

sshd    auth requisite          pam_authtok_get.so.1
sshd    auth required           pam_dhkeys.so.1
sshd    auth sufficient         pam_unix_auth.so.1
sshd    auth required           pam_ldap.so.1 try_first_pass

I run OpenSSH3.9 compiled with --with-pam=yes flag. My sshd_conf contains the line UsePam=Yes. I turn on debug-mode 1 and tries to ssh in to the server. This is what I get from sshd.log (somewhat stripped)

debug1: PAM: initializing for "test"
PAM: setting PAM_RHOST to "clienthost"
PAM: setting PAM_TTY to "ssh"
Failed none for test from clientip port 50784 ssh2
PAM: num PAM env strin gs 0
Accepted keyboard-interactive/pam for linus from clientip port 50784 ssh2
monitor_child_preauth:  test has been authenticated by privileged process
debug1: PAM: reinitializing credentials
[ID 800047 local6.crit]fatal: PAM: pam_setcred(): Failure setting user credentials

So it do authenticate me, but it dies on the pam_setcred().

Go any idea why? How to fix?

Regards
Linus

0
Comment
Question by:mannie
  • 2
2 Comments
 
LVL 38

Accepted Solution

by:
yuzh earned 1500 total points
ID: 13803812
Please have a look at the following doc and fix it:

http://sunportal.sunmanagers.org/pipermail/summaries/2003-September/004371.html
0
 
LVL 38

Expert Comment

by:yuzh
ID: 13803828
You can also download openssh binary package from:
    http://sunfreeware.com/
The binary with PAM support, make sure that you install all the dependencies packages,
read the details on the download page.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello fellow BSD lovers, I've created a patch process for patching openjdk6 for BSD (FreeBSD specifically), although I tried to keep all BSD versions in mind when creating my patch. Welcome to OpenJDK6 on BSD First let me start with a little …
My previous tech tip, Installing the Solaris OS From the Flash Archive On a Tape (http://www.experts-exchange.com/articles/OS/Unix/Solaris/Installing-the-Solaris-OS-From-the-Flash-Archive-on-a-Tape.html), discussed installing the Solaris Operating S…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses
Course of the Month16 days, 18 hours left to enroll

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question