#3 Unable to remove standard password authentication

closed-out-of-date
basil
None
5
2014-08-18
2009-10-18
No

My /etc/pam.d/sshd file contains this:

auth required pam_env.so
auth sufficient pam_barada.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so

When I try to remove pam_unix.so I'm no longer able log in at all. It accepts my password, but then kicks me off immediately. But when I include it my password works. I want the account to still have a password so I can log into it from the console, but I want to always require that a barada token be used whenever logging in remotely. How do I turn off standard password authentication for sshd?

Here are the sequence of log messages for a successful barada authentication that fails to log me in:

Oct 17 06:34:36 mausoleum sshd[13599]: pam_barada(sshd:auth): pam_barada: authentication successful for joe
Oct 17 06:34:36 mausoleum sshd[13592]: Accepted keyboard-interactive/pam for joe from 2002:7f00:1:1:211:24ff:fed4:eee0 port 52181 ssh2
Oct 17 06:34:36 mausoleum sshd[13592]: fatal: PAM: pam_setcred(): Failure setting user credentials
Oct 17 06:37:54 mausoleum sshd[13828]: Accepted keyboard-interactive/pam for joe from 2002:7f00:1:1:211:24ff:fed4:eee0 port 52192 ssh2
Oct 17 06:37:54 mausoleum sshd[13828]: pam_unix(sshd:session): session opened for user joe by (uid=0)
Oct 17 06:37:56 mausoleum sshd[13828]: pam_unix(sshd:session): session closed for user joe

and here is one where it succeeds:

Oct 17 06:38:41 mausoleum sshd[13898]: pam_barada(sshd:auth): pam_barada: authentication successful for joe
Oct 17 06:38:41 mausoleum sshd[13890]: Accepted keyboard-interactive/pam for joe from 2002:7f00:1:1:211:24ff:fed4:eee0 port 52194 ssh2
Oct 17 06:38:41 mausoleum sshd[13890]: pam_unix(sshd:session): session opened for user joe by (uid=0)
Oct 17 06:40:12 mausoleum sshd[13890]: pam_unix(sshd:session): session closed for user joe

Discussion

  • basil

    basil - 2012-05-31

    Hi

    I've just taken over the maintenance of Barada and I see that you have this bug open from a looong time ago.

    I am assuming that this bug is no longer relevant so I will close it in 14 days if I do not hear to the contrary. If it is still a problem, then please update the bug accordingly.

    Basil

     
  • basil

    basil - 2012-05-31
    • status: open --> pending
     
  • basil

    basil - 2012-05-31
    • assigned_to: nobody --> basil-north
     
  • basil

    basil - 2012-06-13
    • status: pending --> closed-out-of-date
     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks