Bug#362018: libpam-ssh: pam_ssh.so auth doesn't live well with pam_krb5.so auth (from libpam-krb5)

Tue, 11 Apr 2006 13:07:57 -0700 

Package: libpam-ssh
Version: 1.91.0-9.1
Severity: normal

I'm using openssh-server 4.2p1-8. I have modified the
default /etc/pam.d/ssh, from looking like this:

        [..]
        # Standard Un*x authentication.
        @include common-auth

        # Standard Un*x authorization.
        @include common-account

        # Standard Un*x session setup and teardown.
        @include common-session
        [..]

into this:

        [..]
        # Standard Un*x authentication.
        @include common-auth

        # Authenticate against ssh identities
        @include pam-ssh-auth

        # Standard Un*x authorization.
        @include common-account

        # Standard Un*x session setup and teardown.
        @include common-session

        # Start ssh-agent and add keys automaticly
        @include pam-ssh-session
        [..]

Now everything works fine and as expected. However, if I introduce
kerberos into this picture, like this:

        [..]
        auth  sufficient  pam_krb5.so ignore_root forwardable
        auth  required    pam_unix.so try_first_pass nullok_secure

        # Authenticate against ssh identities
        @include pam-ssh-auth

        account  required  pam_krb5.so ignore_root
        account  required  pam_unix.so

        session  optional  pam_krb5.so ignore_root
        session  required  pam_unix.so

        # Start ssh-agent and add keys automaticly
        @include pam-ssh-session

Then I can log correctly, the ssh-agent is started, but it has
no keys! What's wrong here?? I tried running sshd with -d, but
there no messages looked peculiar to me... Nothing in auth syslog
either.

My password is the same in all the three places
(/etc/shadow for pam_unix.so, kerberos KDC for pam_krb5.so, and
.ssh/id_rsa for pam_ssh.so).

Regards,

Oskar

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14.2
Locale: LANG=C, LC_CTYPE=en_GB (charmap=ISO-8859-1)

Versions of packages libpam-ssh depends on:
ii  libc6                         2.3.6-5    GNU C Library: Shared libraries an
ii  libpam0g                      0.79-3.1   Pluggable Authentication Modules l
ii  libssl0.9.8                   0.9.8a-8   SSL shared libraries

Versions of packages libpam-ssh recommends:
pn  ssh-krb5 | ssh                <none>     (no description available)

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to