[OpenAFS] Solaris 9 official sshd patch breaks pam_afs functioning

Douglas E. Engert deengert@anl.gov
Tue, 12 Sep 2006 09:03:51 -0500


Jeff Blaine wrote:

> Has anyone solved this? :(  I'm using OpenAFS 1.4.1.
> 
> Patch 113273-11 (sshd SPARC) has killed off token-getting via
> pam_afs.so.1


We are using OpenSSH on Solaris 9, but Sun's sshd on Solaris 10.

Did Sun change the pam service names for sshd to do what they did in
Solaris 10? So sshd is looking for sshd-kbdint, but it's not in your pam.conf
so it is using other?

You could do a strings on the sshd to look for sshd-kbdint

> 
> I'm syslogging *.debug to /var/adm/debug.log and all I get is
> the following (even with 'debug' as an option to pam_afs.so.1)
> 
> Sep 12 00:11:12 noodle.domain.com sshd[444]: [ID 800047 auth.info] Accepted keyboard-interactive for jblaine from 192.168.168.2 port 3995 ssh2
> ---------------------------------------------------------------------
> login as: jblaine
> Using keyboard-interactive authentication.
> Password:
> Last login: Mon Sep 11 23:45:06 2006 from 192.168.168.2
> Sun Microsystems Inc.   SunOS 5.9       Generic May 2002
> jblaine > tokens
> 
> Tokens held by the Cache Manager:
> 
>    --End of list--
> jblaine >
> ---------------------------------------------------------------------
> Running 'sshd -d' shows:
> 
> ...
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received
> debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
> debug1: dh_gen_key: priv key bits set: 199/384
> debug1: bits set: 1565/3191
> debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
> debug1: bits set: 1617/3191
> debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
> debug1: newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: KEX done
> debug1: userauth-request for user jblaine service ssh-connection method none
> debug1: attempt 0 initial attempt 0 failures 0 initial failures 0
> Failed none for jblaine from 192.168.168.2 port 3961 ssh2
> debug1: userauth-request for user jblaine service ssh-connection method keyboard-interactive
> debug1: attempt 1 initial attempt 0 failures 1 initial failures 0
> debug1: keyboard-interactive devs
> debug1: got 1 responses
> debug1: PAM conv function returns PAM_SUCCESS
> Accepted keyboard-interactive for jblaine from 192.168.168.2 port 3961 ssh2
> debug1: permanently_set_uid: 26560/10
> debug1: Entering interactive session for SSH2.
> ...
> 

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
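
The fallback described in the reply above, as an added example that is not part of the original message: a small Python check that parses a pam.conf-style file and reports which auth stack a service name resolves to and whether pam_afs is in it. The sample file contents and the `sshd` service name for the pre-patch daemon are assumptions; `sshd-kbdint` is the name from the message.

```python
# Added example: which pam.conf auth stack does a PAM service name really use?
# SAMPLE_PAM_CONF is constructed for illustration, not taken from the post.
SAMPLE_PAM_CONF = """\
# service  type  control   module             options
login      auth  required  pam_unix_auth.so.1
login      auth  optional  pam_afs.so.1       try_first_pass debug
sshd       auth  required  pam_unix_auth.so.1
sshd       auth  optional  pam_afs.so.1       try_first_pass debug
other      auth  required  pam_unix_auth.so.1
"""


def parse_pam_conf(text):
    """Map (service, module_type) -> ordered list of (control, module, options)."""
    stacks = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed entry; skip it
        service, mtype, control, module = fields[:4]
        stacks.setdefault((service, mtype), []).append((control, module, fields[4:]))
    return stacks


def effective_stack(stacks, service, mtype="auth"):
    """Return (stack_name_used, entries): the service's own stack, else 'other'."""
    if (service, mtype) in stacks:
        return service, stacks[(service, mtype)]
    return "other", stacks.get(("other", mtype), [])


def audit(text, services, module="pam_afs.so"):
    """For each service: which stack applies and whether it loads `module`."""
    stacks = parse_pam_conf(text)
    report = {}
    for svc in services:
        used, entries = effective_stack(stacks, svc)
        report[svc] = (used, any(module in path for _, path, _ in entries))
    return report


if __name__ == "__main__":
    for svc, (used, has_afs) in audit(SAMPLE_PAM_CONF, ["sshd", "sshd-kbdint"]).items():
        print(f"{svc}: uses '{used}' stack, pam_afs present: {has_afs}")
```

To check a real host, pass the contents of /etc/pam.conf as `text`.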