Problem with password authentication

Heinz Knutzen Mon, 18 Jan 1999 09:32:36 -0500

I tested the lsh-snapshot-1999-01-14 on my linux system
(S.u.S.E. Linux 5.3 (i386) - Kernel 2.0.35).

The snapshot compiled fine on my system, but
password authentication didn't work.

1.)
lshd returned SSH_MSG_USERAUTH_FAILURE when I tried to logon
to my account on localhost by typing the password.
My system uses shadow passwords.
By looking at the code in server_password.c I learned, that lshd uses
the shadow password only when the password entry in /etc/passwd equals
"x".
On my system the password entry for my account in /etc/passwd is "":
hk::501:100:Heinz Knutzen:/home/hk:/bin/bash
Some other users with active passwords have "x" or "*" in the password
field in /etc/passwd. 

On my system the manual page for SHADOW(5) says:
...
       This information supercedes any password or  password  age
       information present in /etc/passwd.
... 

To make lshd work, I could have changed the password entry in
/etc/passwd to "x".
But I decided to change server_password.c such that
the shadow password is used whenever HAVE_GETSPNAM is true,
regardless of the value of the password entry in /etc/passwd.
(See patch below).

2.)
Another small problem arised, when I tried the example from the
README:
"
Start an lshd server on port 4711, using the key created above as the
server host key:

  ./lshd -p 4711 -h NEW_KEY
"
On a system with shadow passwords this only works, when the server is
started as root. Otherwise the funktion getspnam returns no password
information but only NULL.

3.)
I think the code in server_password.c should check the case when
getpwnam or getspnam return NULL. It's OK to return simply
SSH_MSG_USERAUTH_FAILURE when the user doesn't exit. But if the
functions return NULL because an error occured, the server
should show a message.



*** server_password.c.orig      Thu Jan 14 04:02:10 1999
--- server_password.c   Sun Jan 17 17:28:34 1999
***************
*** 77,83 ****
    res->name = name;

  #ifdef HAVE_GETSPNAM
-   if (passwd->pw_passwd && !strcmp(passwd->pw_passwd, "x"))
    {
      struct spwd *shadowpwd;

--- 77,82 ----
***************
*** 88,96 ****
      }
      res->passwd = format_cstring(shadowpwd->sp_pwdp);
    }
!   else
! #endif /* HAVE_GETSPNAM */
!     res->passwd = format_cstring(passwd->pw_passwd);

    res->home = format_cstring(passwd->pw_dir);
    res->shell = format_cstring(passwd->pw_shell);
--- 87,95 ----
      }
      res->passwd = format_cstring(shadowpwd->sp_pwdp);
    }
! #else /* !HAVE_GETSPNAM */
!   res->passwd = format_cstring(passwd->pw_passwd);
! #endif /* !HAVE_GETSPNAM */

    res->home = format_cstring(passwd->pw_dir);
    res->shell = format_cstring(passwd->pw_shell);
Problem with password authentication

Reply via email to
