while trying to sort out the PAM incompatabilities between openssh 3.0.2p1
and solaris 8 and sun's pam_krb5 i got some things to work. i'm really
not
sure where the appropriate place to submit patches is so for now i'm sending
them here.
this patch will allow PAM interoperability when using sun's pam_krb5 without
using the system login routine (this way X forwarding will work). both ssh
and scp work when using the following pam.conf entry:
sshd auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
sshd auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
NOTE: when authenticating against pam_krb5 a user with an expired passwd
cannot login. when authenticating against pam_unix a user with an expired
passwd can login and is not prompted to change their password.
NOTE: "pam_setcred: error Permission denied" errors are still issued
when
exiting a session.
*** auth-pam.c- Mon Feb 25 18:36:04 2002
--- auth-pam.c Tue Feb 26 10:05:31 2002
***************
*** 297,304 ****
do_pam_set_conv(&conv);
debug("PAM establishing creds");
! pam_retval = pam_setcred(__pamh,
! init ? PAM_ESTABLISH_CRED : PAM_REINITIALIZE_CRED);
if (pam_retval != PAM_SUCCESS) {
if (was_authenticated)
fatal("PAM setcred failed[%d]: %.200s",
--- 297,303 ----
do_pam_set_conv(&conv);
debug("PAM establishing creds");
! pam_retval = pam_setcred(__pamh, PAM_ESTABLISH_CRED);
if (pam_retval != PAM_SUCCESS) {
if (was_authenticated)
fatal("PAM setcred failed[%d]: %.200s",
_________________________________________________________________
MSN Photos is the easiest way to share and print your photos:
http://photos.msn.com/support/worldwide.aspx
