Patch: Solved: Re: [OpenAFS-devel] PAM / openssh 3.7.1p2
Dean Anderson
dean@av8.com
Fri, 17 Oct 2003 19:47:26 -0400 (EDT)
Doh!
This patch should be retracted. It didn't quite solve the problem. I found
that by disabling PRIVSEP the problem was fixed. PRIVSEP somehow breaks
setting the PAG. With PRIVSEP turned off, everything works...
But there are some other complaints about openssh that I haven't provided
patches for:
Password authentication should try pam with the supplied password. Apps
that don't support keyboard-interactive/pam and just do passwords should
still use PAM modules. Openssh is basically useless on PAM systems, since
many/most ssh clients do not support keyboard-interactive/pam. It looks
like this was intentionally removed... Is there any chance it might be put
back?
=09=09--Dean
On Fri, 17 Oct 2003, [iso-8859-2] Martin MOKREJ=A9 wrote:
> On Mon, 6 Oct 2003, Dean Anderson wrote:
>
> HI,
> just wanted to be sure at least some things get fixed in the portable
> release, but this is what I got back about your patch. What do you think?
> Will you discuss at openssh-unix-dev and submit the patch to openssh
> developers and Cc: us? ;)
> Thanks!
>
>
> --- forwarded message
> From: Darren Tucker <dtucker@zip.com.au>
> To: Martin MOKREJ=A9 <mmokrejs@natur.cuni.cz>
> Date: Fri, 17 Oct 2003 21:09:18 +1000
> Subject: Re: Patch: Solved: Re: [OpenAFS-devel] PAM / openssh 3.7.1p2 (fw=
d)
>
> [ The following text is in the "iso-8859-1" character set. ]
> [ Your display is set for the "iso-8859-2" character set. ]
> [ Some characters may be displayed incorrectly. ]
>
> Martin MOKREJS wrote:
> > how about applying this patch?
>
> Ten bucks says it'll break PAM on some other platform (my guess is HP-UX,
> but maybe we should run a sweepstakes on it or something). Please post i=
t
> to openssh-unix-dev and see what people say.
> -- end of forwarded message
>
>
>
> > The following patch fixes openssh-3.7.1p2 to work with the pam_afs.so
> > module:
> >
> > If anyone wants the rpm spec file for redhat 7.3, let me know.
> >
> > =09=09--Dean
> >
> > [root@dakota SOURCES]# more openssh-3.7.1p2-av8.patch
> > diff -r -u openssh-3.7.1p2.orig/session.c openssh-3.7.1p2/session.c
> > --- openssh-3.7.1p2.orig/session.c=09Tue Sep 23 04:59:08 2003
> > +++ openssh-3.7.1p2/session.c=09Mon Oct 6 01:25:05 2003
> > @@ -1275,8 +1275,8 @@
> > =09=09 * Reestablish them here.
> > =09=09 */
> > =09=09if (options.use_pam) {
> > -=09=09=09do_pam_session();
> > =09=09=09do_pam_setcred(0);
> > +=09=09=09do_pam_session();
> > =09=09}
> > # endif /* USE_PAM */
> > # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) ||
> > defined(WITH_IRIX_ARRAY)
> >
> >
> > _______________________________________________
> > OpenAFS-devel mailing list
> > OpenAFS-devel@openafs.org
> > https://lists.openafs.org/mailman/listinfo/openafs-devel
> >
>
> --
> Martin Mokrejs <mmokrejs@natur.cuni.cz>, <m.mokrejs@gsf.de>
> PGP5.0i key is at http://www.natur.cuni.cz/~mmokrejs
> MIPS / Institute for Bioinformatics <http://mips.gsf.de>
> GSF - National Research Center for Environment and Health
> Ingolstaedter Landstrasse 1, D-85764 Neuherberg, Germany
> tel.: +49-89-3187 3683 , fax:=A0+49-89-3187 3585
>