Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!
Not eligible to see or edit group visibility for this bug.
View Bug Activity | Format For Printing | XML | Clone This Bug
openssh-3.9_p1 behaves differently if PAM is switched off either during compile time (see "A" below) or via configuration file (see "B" below). Common configuration in both cases in /etc/ssh/sshd_config: PasswordAuthentication no #UsePAM no (All other lines in the file are as installed by the package.) app-admin/skey is installed and configured. Steps to Reproduce "A": 1. Unset "pam" useflag 2. emerge openssh, restart sshd 3. ssh from remote machine Actual Results "A": Behaviour is as expected: $ ssh user@host otp-md5 89 foo1234567 S/Key Password: [... login succeeds] Steps to Reproduce "B": 1. Set "pam" useflag 2. emerge openssh, restart sshd 3. ssh from remote machine Actual Results "B": No password prompt appears and login is immediately refused: $ ssh user@host Permission denied (publickey,keyboard-interactive). $ Expected Results: The behaviour of sshd should be identical in cases A and B (and should be as in case A).
Created an attachment (id=40404) [details] patch for auth2-chall.c Throughout the openssh source, "#ifdef USE_PAM" is always followed by "if (options.use_pam)", except for this one case in function privsep_challenge_enable.
Created an attachment (id=40414) [details] Debug output from server log for case B The last lines of the "sshd -ddd" log show output from sshpam_init_ctx, in spite of UsePAM being switched off.
Created an attachment (id=40456) [details] proposed patch for auth2-chall.c
Please note that this bug is fixed by upstream. See URL.
Commited, thanks!
