Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#40 PAM_AUTH login fail at openssh 5.4p1

open
nobody
None
5
2010-12-01
2010-12-01
Anonymous
No

Env> openssh 5.4.0.6101, openssl 0.9.8.1300, LDAP
Problem> After upgrade openssh from 5.2p1 to 5.4p1, user can't login thru ssh with PAM_AUTH.
Below is debug output.
---------------------------------------------------------------------------------------------------------------------------------------------------------
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
debug3: mm_request_receive_expect entering: type 7
debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_pwnamallow
debug2: parse_server_config: config reprocess config len 379
debug3: AIX/setauthdb set registry 'compat'
debug3: aix_restoreauthdb: restoring old registry ''
debug3: AIX/loginrestrictions returned 0 msg (none)
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: mm_request_receive entering
debug2: input_userauth_request: setting up authctxt for mshwang
debug3: mm_start_pam entering
debug3: mm_request_send entering: type 45
debug3: monitor_read: checking request 45
monitor_read: unpermitted request 45
debug1: Eff_sl:::Eff_tl:
debug3: mm_inform_authserv entering
debug1: do_cleanup
debug3: mm_request_send entering: type 3
debug2: input_userauth_request: try method none
debug3: mm_auth_password entering
debug1: audit event euid 0 user mshwang event 12 (SSH_connabndn)
debug3: mm_request_send entering: type 10
debug1: Return Val-1 for auditproc:0
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 11
debug3: mm_request_receive entering
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
---------------------------------------------------------------------------------------------------------------------------------------
Workaround : use STD_AUTH

Discussion