thr3ads.net - openssh unix dev - 2.1.1p2 HP-UX 11 PAM General Commerical Security error [Jul 2000]

If this information is useful, please help other people find it:
Share via:

Kevin Steves

2000-Jul-03 12:37 UTC

2.1.1p2 HP-UX 11 PAM General Commerical Security error

Trying 2.1.1p2 on HP-UX 11 (trusted system) I get:

Jul  3 14:24:53 robinson sshd[1236]: debug: Encryption type: 3des
Jul  3 14:24:53 robinson sshd[1236]: debug: Received session key; encryption
turned on.
Jul  3 14:24:53 robinson sshd[1236]: debug: Installing crc compensation attack
detector.
Jul  3 14:24:53 robinson sshd[1236]: debug: Starting up PAM with username
"stevesk"
Jul  3 14:24:53 robinson sshd[1236]: debug: Attempting authentication for
stevesk.
Jul  3 14:24:54 robinson sshd[1236]: Accepted rsa for stevesk from 192.168.1.206
port 909
Jul  3 14:24:58 robinson sshd[1236]: debug: PAM setting rhost to
"jenny.foo.se"
Jul  3 14:24:58 robinson sshd[1236]: pam_acct_mgmt: error General Commercial
Security error
Jul  3 14:24:58 robinson sshd[1236]: PAM rejected by account configuration:
General Commercial Security error
Jul  3 14:24:58 robinson sshd[1236]: Faking authloop for illegal user stevesk
from 192.168.1.206 port 909

2.1.1p1 works fine (modulo scp hang/blocked on read problem).

OpenSSH configured has been configured with the following options.
                 User binaries: /opt/openssh-2.1.1p2/bin
               System binaries: /opt/openssh-2.1.1p2/sbin
           Configuration files: /etc/opt/openssh
               Askpass program: /opt/openssh-2.1.1p2/libexec/ssh/ssh-askpass
                  Manual pages: /opt/openssh-2.1.1p2/man/catX
                      PID file: /var/run
      Random number collection: EGD (/etc/opt/egd/entropy)
                Manpage format: cat
                   PAM support: yes
            KerberosIV support: no
                   AFS support: no
                 S/KEY support: no
          TCP Wrappers support: yes
          MD5 password support: no
   IP address in $DISPLAY hack: no
      Use IPv4 by default hack: no
       Translate v4 in v6 hack: no

Compiler flags: -g -I/usr/local/include -I../../tcp_wrappers/tcp_wrappers_7.6
-Ae -D_HPUX_SOURCE -I../../openssl/32-bit/openssl-0.9.5a/include
Linker flags: -L/usr/local/lib -L../../tcp_wrappers/tcp_wrappers_7.6
-L../../openssl/32-bit/openssl-0.9.5a/lib -L../../openssl/32-bit/openssl-0.9.5a
Libraries: -lnsl -lz  -lsec -lpam -lcrypto  -lwrap

Kevin Steves

2000-Jul-03 14:05 UTC

head link

2.1.1p2 HP-UX 11 PAM General Commerical Security error

: Trying 2.1.1p2 on HP-UX 11 (trusted system) I get:
: Jul  3 14:24:58 robinson sshd[1236]: pam_acct_mgmt: error General Commercial
Security error
: Jul  3 14:24:58 robinson sshd[1236]: PAM rejected by account configuration:
General Commercial Security error

A little more info.  I wanted to see the specific pam_retval so I
modifed the error string; then I went ahead and added it to the other
auth-pam.c error/debug output.  It might be worthwhile to integrate so
the patch is attached.

Now I see:

Jul  3 15:19:29 robinson sshd[1293]: PAM rejected by account configuration: [32]
General Commercial Security error

which is:

#define PAM_TERM_ERROR          32      /* Terminal database corruption or 
                                           no corresponding entry found */

I'm not sure at this point what this could indicate, but I'll try to
track it down.
-------------- next part --------------
--- auth-pam.c~	Thu Jun 22 13:44:54 2000
+++ auth-pam.c	Mon Jul  3 15:49:05 2000
@@ -105,19 +105,22 @@
 	{
 		pam_retval = pam_close_session((pam_handle_t *)pamh, 0);
 		if (pam_retval != PAM_SUCCESS) {
-			log("Cannot close PAM session: %.200s", 
+			log("Cannot close PAM session: [%d] %.200s", 
+				pam_retval,
 				PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 		}
 
 		pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_DELETE_CRED);
 		if (pam_retval != PAM_SUCCESS) {
-			log("Cannot delete credentials: %.200s", 
+			log("Cannot delete credentials: [%d] %.200s", 
+				pam_retval,
 				PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 		}
 
 		pam_retval = pam_end((pam_handle_t *)pamh, pam_retval);
 		if (pam_retval != PAM_SUCCESS) {
-			log("Cannot release PAM authentication: %.200s", 
+			log("Cannot release PAM authentication: [%d] %.200s", 
+				pam_retval,
 				PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 		}
 	}
@@ -145,8 +148,9 @@
 			pw->pw_name);
 		return 1;
 	} else {
-		debug("PAM Password authentication for \"%.100s\" failed:
%s",
-			pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+		debug("PAM Password authentication for \"%.100s\" failed: [%d]
%s",
+			pw->pw_name, pam_retval,
+			PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 		return 0;
 	}
 }
@@ -160,7 +164,8 @@
 	pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RHOST, 
 		get_canonical_hostname());
 	if (pam_retval != PAM_SUCCESS) {
-		fatal("PAM set rhost failed: %.200s", 
+		fatal("PAM set rhost failed: [%d] %.200s", 
+			pam_retval,
 			PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 	}
 
@@ -168,7 +173,8 @@
 		debug("PAM setting ruser to \"%.200s\"", remote_user);
 		pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RUSER, remote_user);
 		if (pam_retval != PAM_SUCCESS) {
-			fatal("PAM set ruser failed: %.200s", 
+			fatal("PAM set ruser failed: [%d] %.200s", 
+				pam_retval,
 				PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 		}
 	}
@@ -182,7 +188,8 @@
 			pam_msg_cat(NEW_AUTHTOK_MSG);
 			break;
 		default:
-			log("PAM rejected by account configuration: %.200s", 
+			log("PAM rejected by account configuration: [%d] %.200s", 
+				pam_retval,
 				PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 			return(0);
 	}
@@ -199,14 +206,16 @@
 		debug("PAM setting tty to \"%.200s\"", ttyname);
 		pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_TTY, ttyname);
 		if (pam_retval != PAM_SUCCESS) {
-			fatal("PAM set tty failed: %.200s", 
+			fatal("PAM set tty failed: [%d] %.200s", 
+				pam_retval,
 				PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 		}
 	}
 
 	pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
 	if (pam_retval != PAM_SUCCESS) {
-		fatal("PAM session setup failed: %.200s", 
+		fatal("PAM session setup failed: [%d] %.200s", 
+			pam_retval,
 			PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 	}
 }
@@ -219,7 +228,8 @@
 	debug("PAM establishing creds");
 	pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_ESTABLISH_CRED);
 	if (pam_retval != PAM_SUCCESS) {
-		fatal("PAM setcred failed: %.200s", 
+		fatal("PAM setcred failed: [%d] %.200s", 
+			pam_retval,
 			PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 	}
 }
@@ -242,7 +252,8 @@
 		(pam_handle_t**)&pamh);
 
 	if (pam_retval != PAM_SUCCESS) {
-		fatal("PAM initialisation failed: %.200s", 
+		fatal("PAM initialisation failed: [%d] %.200s", 
+			pam_retval,
 			PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 	}
 
@@ -255,7 +266,8 @@
 	 */
 	pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_TTY, "ssh");
 	if (pam_retval != PAM_SUCCESS) {
-		fatal("PAM set tty failed: %.200s", 
+		fatal("PAM set tty failed: [%d] %.200s", 
+			pam_retval,
 			PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 	}

Damien Miller

2000-Jul-08 00:16 UTC

head link

2.1.1p2 HP-UX 11 PAM General Commerical Security error

On Mon, 3 Jul 2000, Kevin Steves wrote:
> Trying 2.1.1p2 on HP-UX 11 (trusted system) I get:
What pam configuration are you using? Your's is the first report of
PAM on HP/UX.

-d

-- 
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)

Possibly Parallel Threads

Search for more possibly parallel threads

openssh unix dev - Jul 2000 - 2.1.1p2 HP-UX 11 PAM General Commerical Security error

2.1.1p2 HP-UX 11 PAM General Commerical Security error

2.1.1p2 HP-UX 11 PAM General Commerical Security error

2.1.1p2 HP-UX 11 PAM General Commerical Security error

Possibly Parallel Threads