[OpenAFS] Re: openssh-3.7.1, pam and no token after login
Hendrik Hoeth
hendrik.hoeth@cern.ch
Tue, 16 Dec 2003 23:19:24 +0100
Hi Chris,
Thus spake Christopher Allen Wing (wingc@engin.umich.edu):
> Are you using the OpenAFS pam module?
yes, I am.
> The later versions of openssh with 'privilege separation' enabled seem
> to be doing some interesting things with PAM, like opening the PAM
> handle as root and then later closing it under a different uid, etc.
openssh before 3.7.1 (even with privilege seperation) used to work fine.
The problem that I don't get a token appeared with openssh 3.7.1.
John T. Boyland reported the same problem on Solaris with privsep
disabled some time ago, but he has no solution yet, either.
> We have our own pam module that needed some modifications to work
> properly. I haven't tried the OpenAFS one so I don't know if it is
> broken with newer openssh or not.
May I asked what you changed in your pam module? Are these special
changes for your environment, or could it be useful for me as well?
Hendrik
--
Fuer jedes Problem gibt es eine Loesung,
die einfach, klar und falsch ist.
(Henry Louis Mencken)