openssh bugs - Oct 2016 - [Bug 2622] New: PAM stack sometimes will not run during auth and this causes auths to fail

https://bugzilla.mindrot.org/show_bug.cgi?id=2622

            Bug ID: 2622
           Summary: PAM stack sometimes will not run during auth and this
                    causes auths to fail
           Product: Portable OpenSSH
           Version: 4.3p2
          Hardware: ix86
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: PAM support
          Assignee: unassigned-bugs at mindrot.org
          Reporter: desaiar at umich.edu

Created attachment 2877
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2877&action=edit
Config Files and Debug Logs

I am running Centos 5 OpenSSH 4.3p2-82.0.2
This patch for the portable version has caused a bug where my PAM stack
is sometimes not being run. Attempting to connect about 70% of the time
will give me a failure, but occasionally I will see the password prompt
from pam_unix and be allowed to auth successfully.

Upgrading and downgrading between 4.3p2-82.0.1 and 4.3p2-82.0.2 has
shown me that the issue is connected to this patch in some way. In
4.3p2-82.0.1 I always get directed to perform PAM authentication and
can auth. I've attached the two new patch files for this version to
help debugging. Since I'm using challenge response authentication I
believe it is more related to the keyboard-interactive patch.

I've also included my sshd_config file. I believe the interesting
callouts are:
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePAM yes

I have included the relevant PAM stack files as well.

For debugging I've attached part of the client logs with -vvv and part
of the server logs with -ddd.

The logs seem to suggest that it knows to run the PAM stack but then
somewhere the connection does not succeed. 

Please let me know if there is anything else I can do to help
troubleshoot this issue.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2622

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au

--- Comment #1 from Darren Tucker <dtucker at zip.com.au> ---
(In reply to desaiar from comment #0)
> I am running Centos 5 OpenSSH 4.3p2-82.0.2
That is a vendor-modified version of a ten year old OpenSSH release.

Can you reproduce the problem with the current release (7.3p1) build
from the source available at openssh.com?  If not then you need to talk
to the vendor for help.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2622

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #2 from Darren Tucker <dtucker at zip.com.au> ---
Please reopen if you can reproduce with the current version as
available from openssh.com, otherwise please report this problem to the
package's vendor.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2622

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after release of OpenSSH 7.7.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.