bugzilla-daemon at mindrot.org
2003-Sep-17 03:44 UTC
[Bug 647] Setting "UsePAM no" in sshd_config gives error if not config'ed w/ --with-pam
http://bugzilla.mindrot.org/show_bug.cgi?id=647
Summary: Setting "UsePAM no" in sshd_config gives error if
not
config'ed w/ --with-pam
Product: Portable OpenSSH
Version: -current
Platform: Sparc
OS/Version: SunOS
Status: NEW
Severity: minor
Priority: P4
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: pon at es.net
CC: pon at es.net
For OpenSSH_3.7p1, if one does NOT use the "--with-pam" configuration
option, setting the default "#UsePAM yes" flag in sshd_config to
"UsePam no" will cause the following error:
init.d [111]# ./openssh start
/etc/ssh/sshd_config line 75: Unsupported option UsePAM
However, if one does use the "--with-pam" configuration option,
setting the flag "UsePam no" is acceptable.
Seems a bit confusing to me. Perhaps "#UsePAM no" should be the
default?
Thanks.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-18 07:47 UTC
[Bug 647] Setting "UsePAM no" in sshd_config gives error if not config'ed w/ --with-pam
http://bugzilla.mindrot.org/show_bug.cgi?id=647 ------- Additional Comments From dtucker at zip.com.au 2003-09-18 17:47 ------- Created an attachment (id=422) --> (http://bugzilla.mindrot.org/attachment.cgi?id=422&action=view) Set options->use_pam to 0 if USE_PAM is not set On a related note, options.use_pam is set even unless overridden by the UsePAM directive, which doesn't happen if PAM support isn't compiled in. This means, for example, that things like this (from auth.c) don't happen when PAM support is disabled: #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) if (!options.use_pam) spw = getspnam(pw->pw_name); Hey! That might be the cause of some of our mystery segfaults on Solaris 2.6! ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-18 08:40 UTC
[Bug 647] Setting "UsePAM no" in sshd_config gives error if not config'ed w/ --with-pam
http://bugzilla.mindrot.org/show_bug.cgi?id=647 ------- Additional Comments From djm at mindrot.org 2003-09-18 18:40 ------- Maybe it should just default to 0 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-18 08:57 UTC
[Bug 647] Setting "UsePAM no" in sshd_config gives error if not config'ed w/ --with-pam
http://bugzilla.mindrot.org/show_bug.cgi?id=647 ------- Additional Comments From dtucker at zip.com.au 2003-09-18 18:57 ------- That was my first thought, but most of the options go through this "-1 = unset" -> set from config -> apply default if -1 process. I assumed there was a reason for it, so left it that way. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Oct-07 06:57 UTC
[Bug 647] Setting "UsePAM no" in sshd_config gives error if not config'ed w/ --with-pam
http://bugzilla.mindrot.org/show_bug.cgi?id=647
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From dtucker at zip.com.au 2003-10-07 16:57 -------
As of 3.7.1p2 UsePAM defaults to "no".
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Possibly Parallel Threads
- [Bug 936] S/Key authentication fails if UsePAM=no
- [Bug 1410] New: Correct UsePAM comment in sshd_config on Mac OS X
- 3.7.1P2, PermitRootLogin and PAM with hidden NISplus passwor ds
- unexpected change in "locked account" behaviour
- PermitRootLogin without-password functionality differs for UsePAM yes/no option