This is a discussion on Re: OpenSSH public key problem with Solaris 10 within the OpenSSH Development forums, part of the Networking and Network Related category.
Arrg. Yup, I need Kerberos to work in this case. Of course it works when a password is entered, but the public key thing would be very nice. Annoyingly enough this works under Linux (Red Hat/Fedora). I guess Sun's Kerberos PAM module is somewhat lacking in functionality. How annoying of Sun!

Thanks for the reply in any case.

Darren Tucker wrote:
> On Fri, Jun 30, 2006 at 07:04:20AM -0700, Erich Weiler wrote:
>> Hi ya'll-
>>
>> I've got this odd openssh problem with Solaris 10 I was hoping someone
>> could shed some light on. Not sure if it is a bug... Basically I'm
>> trying to use pubkeys as an auth method, but am having issues. I can
>> log in using passwords no problem, but as soon as it notices a matching
>> public key it closes the connection. I ran the sshd server (on Solaris
>> 10 box) in debug mode and got this output when I tried to log in:
> [...]
>> Found matching RSA key: 4d:c0:33:3b:dd:75:89:bb:d1:36:e7:17:2b:85:34:9c
>> debug1: restore_uid: 0/0
>> debug1: ssh_rsa_verify: signature correct
>> debug1: do_pam_account: called
>> Access denied for user weiler by PAM account configuration
> [...]
>
> What's happening is that sshd is successfully authenticating via
> public-key.
>
> It then tries to check the account status via PAM which fails, because you
> have Kerberos modules in your PAM config but public-key authentication
> does not provide the Kerberos credentials required for the module to
> perform those checks, and thus it fails.
>
> If you don't use Kerberos then you can comment out the Kerberos account
> (and probably session) modules. (You might want to create a "sshd"
> service in the PAM config specifically for it.) If you do use Kerberos
> then I'm not sure what your options are.
>

--
===================================
Erich Weiler
UNIX Systems Administrator
School of Engineering
University of California Santa Cruz
weiler@soe.ucsc.edu
===================================

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev
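A triage helper for the failure mode discussed in this thread, added here as an example and not part of the original messages: it reads sshd debug output and reports whether a login was refused by the PAM account stack after the public-key signature had already verified. The function name, stage labels and regular expressions are assumptions; the sample lines are the ones quoted in the post.

```python
import re

# Debug lines quoted in the post (sshd run in debug mode on the Solaris 10 box).
SAMPLE = """\
debug1: restore_uid: 0/0
debug1: ssh_rsa_verify: signature correct
debug1: do_pam_account: called
Access denied for user weiler by PAM account configuration
"""

SIG_OK = re.compile(r"ssh_rsa_verify: signature correct")
PAM_ACCT = re.compile(r"do_pam_account: called")
PAM_DENY = re.compile(r"Access denied for user (\S+) by PAM account configuration")


def classify(log_text):
    """Return (stage, user) describing where a login attempt stopped.

    Stage labels (hypothetical names chosen for this example):
      pam_account_denied_after_pubkey  key verified, PAM account stack refused
      pam_account_denied               PAM account stack refused, no key verified
      pubkey_verified                  key verified, no denial in the log
      no_pubkey_success                no verified signature in the log
    """
    sig_ok = False       # sshd accepted the public-key signature
    acct_called = False  # sshd reached the PAM account check
    for line in log_text.splitlines():
        if SIG_OK.search(line):
            sig_ok = True
        elif PAM_ACCT.search(line):
            acct_called = True
        else:
            denied = PAM_DENY.search(line)
            if denied:
                # Order matters: a denial that follows a verified key and the
                # account check points at the PAM account modules, not the key.
                if sig_ok and acct_called:
                    return ("pam_account_denied_after_pubkey", denied.group(1))
                return ("pam_account_denied", denied.group(1))
    return ("pubkey_verified" if sig_ok else "no_pubkey_success", None)


if __name__ == "__main__":
    print(classify(SAMPLE))
```

A result of `pam_account_denied_after_pubkey` means the key and `authorized_keys` setup are fine and the place to look is the account section of the PAM configuration for the service sshd uses.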