pam is chatty when logging in via ssh
On current as of about four hours ago, sshd spits the following to the console after a successful login: Feb 3 01:41:29 metropolis sshd[550]: in _openpam_check_error_code(): pam_sm_setcred(): unexpected return value 24 It seems harmless, but pam doesnt sound happy. I did notice that mergemaster updated /etc/pam/sshd by adding some krb5 lines. -- David P. Reese Jr. [EMAIL PROTECTED] -- C You shoot yourself in the foot. Assembler You try to shoot yourself in the foot, only to discover you must first invent the gun, the bullet, the trigger, and your foot. How to Shoot Yourself in the Foot http://www.m5p.com/~pravn/foot.html To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: pam is chatty when logging in via ssh
On Mon, Feb 03, 2003 at 01:54:45AM -0800, David P. Reese Jr. wrote: On current as of about four hours ago, sshd spits the following to the console after a successful login: Feb 3 01:41:29 metropolis sshd[550]: in _openpam_check_error_code(): pam_sm_setcred(): unexpected return value 24 It seems harmless, but pam doesnt sound happy. I did notice that mergemaster updated /etc/pam/sshd by adding some krb5 lines. That's odd. Assuming that pam_krb5 is the module which is returning `24', I fixed that 4 days ago (Wed Jan 29 21:20:38 2003 UTC). Are you certain you have rebuilt pam_krb5? What is the output of `ident /usr/lib/pam_krb5.so' (should show revision 1.13 or later). The `four hours' does indeed correspond to DES's enabling of pam_krb5 by default in etc/pam.d/sshd. Cheers, -- Jacques A. Vidrine [EMAIL PROTECTED] http://www.celabo.org/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos [EMAIL PROTECTED] . [EMAIL PROTECTED] . [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: pam is chatty when logging in via ssh
On Mon, Feb 03, 2003 at 06:13:03AM -0600, Jacques A. Vidrine wrote:
On Mon, Feb 03, 2003 at 01:54:45AM -0800, David P. Reese Jr. wrote:
On current as of about four hours ago, sshd spits the following to the console
after a successful login:
Feb 3 01:41:29 metropolis sshd[550]: in _openpam_check_error_code():
pam_sm_setcred(): unexpected return value 24
It seems harmless, but pam doesnt sound happy. I did notice that mergemaster
updated /etc/pam/sshd by adding some krb5 lines.
That's odd. Assuming that pam_krb5 is the module which is returning
`24', I fixed that 4 days ago (Wed Jan 29 21:20:38 2003 UTC). Are you
certain you have rebuilt pam_krb5? What is the output of `ident
/usr/lib/pam_krb5.so' (should show revision 1.13 or later).
I cvsuped again to get des's recent changes and built world. After a fresh
install, when trying to ssh in i get:
Feb 3 05:02:36 metropolis sshd[3695]: in openpam_load_module(): no pam_krb5.so found
Feb 3 05:02:36 metropolis sshd[3695]: fatal: PAM: initialisation failed
It seems that {build,install}world forgot about pam_krb5.
[daver@metropolis:~]$ ll /usr/lib/pam_krb5*
ls: /usr/lib/pam_krb5*: No such file or directory
[daver@metropolis:~]$ cd /usr/src/lib/libpam/modules/pam_krb5/
[daver@metropolis:/usr/src/lib/libpam/modules/pam_krb5]$ sudo make clean obj all
install
...
[snip]
...
[daver@metropolis:/usr/src/lib/libpam/modules/pam_krb5]$ ll /usr/lib/pam_krb5*
lrwxr-xr-x 1 root wheel 13 Feb 3 05:05 /usr/lib/pam_krb5.so@ - pam_krb5.so.2
-r--r--r-- 1 root wheel 19432 Feb 3 05:05 /usr/lib/pam_krb5.so.2
Then we try to ssh into the machine and,
Feb 3 05:08:14 metropolis sshd[3750]: in openpam_load_module(): no pam_krb5.so found
Feb 3 05:08:14 metropolis sshd[3750]: fatal: PAM: initialisation failed
[daver@metropolis:~]$ ident /usr/lib/pam_krb5.so|grep pam_krb5
/usr/lib/pam_krb5.so:
$FreeBSD: src/lib/libpam/modules/pam_krb5/pam_krb5.c,v 1.15 2003/02/03 09:45:41
des Exp $
The `four hours' does indeed correspond to DES's enabling of pam_krb5
by default in etc/pam.d/sshd.
As a workaround, i can disable krb5 by commenting out the two lines in
/etc/pam.d/sshd which contain pam_krb5.so. Then ssh works just fine.
--
David P. Reese Jr. [EMAIL PROTECTED]
--
C
You shoot yourself in the foot.
Assembler
You try to shoot yourself in the foot, only to discover you must first
invent the gun, the bullet, the trigger, and your foot.
How to Shoot Yourself in the Foot
http://www.m5p.com/~pravn/foot.html
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-current in the body of the message
Re: pam is chatty when logging in via ssh
David P. Reese Jr. [EMAIL PROTECTED] writes:
I cvsuped again to get des's recent changes and built world. After a fresh
install, when trying to ssh in i get:
Feb 3 05:02:36 metropolis sshd[3695]: in openpam_load_module(): no pam_krb5.so
found
Feb 3 05:02:36 metropolis sshd[3695]: fatal: PAM: initialisation failed
It seems that {build,install}world forgot about pam_krb5.
Oh drat, I am an idiot. I forgot that pam_krb5 is conditional on
MAKE_KERBEROS5.
DES
--
Dag-Erling Smorgrav - [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-current in the body of the message
