[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Probem with openssh and pam modules

Am Mittwoch, 2. Oktober 2002 17:01 schrieb Alexis Sukrieh:
> At 16:56 02/10/2002 +0200, administrateur@xmon.net wrote:
> >did you check all module invoked in /etc/pam.d/ssh can be found
> >in /lib/security/  ?
>
> Yes it can be found.
>
> here, take a look :

Hi, 

just a guess:
What about disabling all "session"-entries except the first in the 
/etc/pam.d/shh like this:

auth       required     pam_nologin.so
auth       required     pam_unix.so
auth       required     pam_env.so # [1]
account    required     pam_unix.so
session    required     pam_unix.so
#session    optional     pam_lastlog.so # [1]
#session    optional     pam_motd.so # [1]
#session    optional     pam_mail.so standard noenv # [1]
#session    required     pam_limits.so
password   required     pam_unix.so

Well, the debug-msg says something about a failed session
>> debug1: PAM setting tty to "/dev/pts/3"
>> PAM session setup failed[28]: Module is unknown

another guess:
maybe the kernel has no support for the pseudo-terminal pty or the 
/dev/pty-filesystem compiled in?

HTH,
Marcus


> ______________________________________________
> poseidon:/etc/pam.d# cat /etc/pam.d/ssh
> #%PAM-1.0
> auth       required     pam_nologin.so
> auth       required     pam_unix.so
> auth       required     pam_env.so # [1]
>
> account    required     pam_unix.so
>
> session    required     pam_unix.so
> session    optional     pam_lastlog.so # [1]
> session    optional     pam_motd.so # [1]
> session    optional     pam_mail.so standard noenv # [1]
> session    required     pam_limits.so
>
> password   required     pam_unix.so
>
> # Alternate strength checking for password. Note that this
> # requires the libpam-cracklib package to be installed.
> # You will need to comment out the password line above and
> # uncomment the next two in order to use this.
> #
> # password required       pam_cracklib.so retry=3 minlen=6 difok=3
> # password required       pam_unix.so use_authtok nullok md5
>
> poseidon:/etc/pam.d# ls /lib/security/
> pam_access.so    pam_filter.so  pam_lastlog.so    pam_motd.so
> pam_rootok.so     pam_time.so         pam_unix_session.so
> pam_cracklib.so  pam_ftp.so     pam_limits.so     pam_nologin.so
> pam_securetty.so  pam_unix.so         pam_userdb.so
> pam_debug.so     pam_group.so   pam_listfile.so   pam_permit.so
> pam_shells.so     pam_unix_acct.so    pam_warn.so
> pam_deny.so      pam_issue.so   pam_mail.so       pam_pwdfile.so
> pam_stress.so     pam_unix_auth.so    pam_wheel.so
> pam_env.so       pam_krb5.so    pam_mkhomedir.so  pam_rhosts_auth.so
> pam_tally.so      pam_unix_passwd.so
> poseidon:/etc/pam.d#
>
>
> Everthing is there...
>
>
> Alexis Sukrieh (sukria), <alexis@sukria.net>
> . homepage - [http://sukria.net]
> . clef PGP - [http://sukria.net/print.php?c=privacy]
> . mydynaweb - [http://www.mydynaweb.net]
> ______________________________________________
Reply to: