[OpenAFS] Re: openssh-3.7.1, pam and no token after login
John Koyle
jkoyle@rfpdepot.com
Tue, 16 Dec 2003 15:42:21 -0700
IIRC, the default settings for OpenSSH changed with version 3.7.1. Have
you checked to see if
UsePAM yes
is configured in your sshd_config file? If not, try setting that and
restarting sshd.
John
On Tue, 2003-12-16 at 15:19, Hendrik Hoeth wrote:
> Hi Chris,
>
> Thus spake Christopher Allen Wing (wingc@engin.umich.edu):
> > Are you using the OpenAFS pam module?
>
> yes, I am.
>
> > The later versions of openssh with 'privilege separation' enabled seem
> > to be doing some interesting things with PAM, like opening the PAM
> > handle as root and then later closing it under a different uid, etc.
>
> openssh before 3.7.1 (even with privilege seperation) used to work fine.
> The problem that I don't get a token appeared with openssh 3.7.1.
>
> John T. Boyland reported the same problem on Solaris with privsep
> disabled some time ago, but he has no solution yet, either.
>
> > We have our own pam module that needed some modifications to work
> > properly. I haven't tried the OpenAFS one so I don't know if it is
> > broken with newer openssh or not.
>
> May I asked what you changed in your pam module? Are these special
> changes for your environment, or could it be useful for me as well?
>
> Hendrik