bugzilla-daemon at mindrot.org
2003-Oct-08 15:58 UTC
[Bug 736] issues authenticating 3.7p2 with novell directory server
http://bugzilla.mindrot.org/show_bug.cgi?id=736
Summary: issues authenticating 3.7p2 with novell directory
server
Product: Portable OpenSSH
Version: -current
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: security
Priority: P1
Component: PAM support
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: osumano at csc.com
We use novell directory services to authenticate users. We are running solaris
8,7 and 6. Our current version of ssh is "OpenSSH_3.4p1".. This works
fine
with nds but not the current version. When we do some traces in NDS we see that
the user is hitting the nds server but we are not getting error messages from
nds. As soon as we put the original version of ssh back.. authentication works.
THe reason we are upgrading is because of all the security issues that have
been posted. Please let me know how to proceed.
I'm posting our pam.conf configuration for ssh.
sshd auth sufficient /usr/lib/security/pam_nds.so.0
sshd account sufficient /usr/lib/security/pam_nds.so.0
sshd session sufficient /usr/lib/security/pam_nds.so.0
sshd password required /usr/lib/security/pam_nds.so.0
sshd auth required /usr/lib/security/pam_unix.so.1 try_first_pass
sshd account required /usr/lib/security/pam_unix.so.1
sshd session required /usr/lib/security/pam_unix.so.1
sshd password sufficient /usr/lib/security/pam_unix.so.1
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Oct-12 06:44 UTC
[Bug 736] issues authenticating 3.7p2 with novell directory server
http://bugzilla.mindrot.org/show_bug.cgi?id=736 ------- Additional Comments From dtucker at zip.com.au 2003-10-12 16:44 ------- What do you mean by "we are not getting error messages from nds"? Does the authentication work but you don't get messages from the session modules? Or does it not authenticate? Do you have "PasswordAuthentication no" and "ChallengeResponseAuthentication yes" in sshd_config? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.