Bug#64947: marked as done (/etc/pam.d/ssh doesn't honor base-config settings)
Your message dated Sun, 22 Feb 2004 18:43:54 +0000
with message-id <20040222184354.GA2655@riva.ucam.org>
and subject line Bug#64947: /etc/pam.d/ssh doesn't honor base-config settings
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 31 May 2000 00:04:37 +0000
>From cesarb@nitnet.com.br Tue May 30 19:04:36 2000
Return-path: <cesarb@nitnet.com.br>
Received: from itaipu.nitnet.com.br [200.255.111.241]
by master.debian.org with smtp (Exim 3.12 2 (Debian))
id 12wvzt-0006Q0-00; Tue, 30 May 2000 19:04:34 -0500
Received: (qmail 21187 invoked from network); 31 May 2000 00:00:10 -0000
Received: from salzburg.nitnet.com.br (HELO cesarb2.cesarb.personal) (200.255.111.229)
by itaipu.nitnet.com.br with SMTP; 31 May 2000 00:00:10 -0000
Received: from cesarb by cesarb2.cesarb.personal with local (Exim 3.12 #1 (Debian))
id 12wvvq-00018R-00; Tue, 30 May 2000 21:00:22 -0300
From: Cesar Eduardo Barros <cesarb@nitnet.com.br>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: /etc/pam.d/ssh doesn't honor base-config settings
X-Reportbug-Version: 0.55
X-Mailer: reportbug 0.55
Date: Tue, 30 May 2000 21:00:21 -0300
Message-Id: <E12wvvq-00018R-00@cesarb2.cesarb.personal>
Delivered-To: submit@bugs.debian.org
Package: ssh
Version: 1:1.2.3-4
Severity: normal
ssh doesn't honor base-config's "use MD5" settings by default in /etc/pam.d/ssh
It should request md5 passwords in the password line if base-config was set up
to use MD5
-- System Information
Debian Release: 2.2
Architecture: i386
Kernel: Linux cesarb2 2.2.14 #1 Wed May 10 17:20:51 BRT 2000 i586
Versions of packages ssh depends on:
ii libc6 2.1.3-10 GNU C Library: Shared libraries an
ii libpam-modules 0.72-8 Pluggable Authentication Modules f
ii libpam0g 0.72-8 Pluggable Authentication Modules l
ii libssl09 0.9.4-5 SSL shared libraries
ii libwrap0 7.6-4 Wietse Venema's TCP wrappers libra
ii zlib1g [libz1] 1:1.1.3-5 compression library - runtime
-- Configuration Files:
/etc/pam.d/ssh changed [not included]
/etc/ssh/sshd_config changed [not included]
---------------------------------------
Received: (at 64947-done) by bugs.debian.org; 22 Feb 2004 18:43:56 +0000
>From cjwatson@flatline.org.uk Sun Feb 22 10:43:56 2004
Return-path: <cjwatson@flatline.org.uk>
Received: from chiark.greenend.org.uk [193.201.200.170] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Auya4-000168-00; Sun, 22 Feb 2004 10:43:56 -0800
Received: from [192.168.124.112] (helo=riva.lab.dotat.at)
by chiark.greenend.org.uk (Debian Exim 3.35 #1) with esmtp
id 1Auya3-0005I9-00; Sun, 22 Feb 2004 18:43:55 +0000
Received: from cjwatson by riva.lab.dotat.at with local (Exim 3.35 #1 (Debian))
id 1Auya2-0000iM-00; Sun, 22 Feb 2004 18:43:54 +0000
Date: Sun, 22 Feb 2004 18:43:54 +0000
From: Colin Watson <cjwatson@debian.org>
To: Jan Kluka <kluka@pobox.sk>
Cc: 64947-done@bugs.debian.org
Subject: Re: Bug#64947: /etc/pam.d/ssh doesn't honor base-config settings
Message-ID: <20040222184354.GA2655@riva.ucam.org>
References: <200112130923.KAA27373@www2.pobox.sk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200112130923.KAA27373@www2.pobox.sk>
User-Agent: Mutt/1.3.28i
Delivered-To: 64947-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_02_22
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=HAS_BUG_NUMBER,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2004_02_22
X-Spam-Level:
Package: openssh
Version: 1:3.6.1p2-10
On Thu, Dec 13, 2001 at 10:23:47AM +0100, Jan Kluka wrote:
> Sorry for digging up an old issue, but Mandrake people have fixed the
> same problem with their passwd recently and considered the fix a security
> update (http://www.securityfocus.com/archive/1/245148):
>
> > The default pam files for the passwd program did not include support
> > for md5 passwords, thus any password changes or post-install added
> > users would not have md5 passwords.
>
> I moved for Debian from RedHat and if I really don't like something about
> Debian, it is the way /etc/pam.d is (dis)organized. RH uses pam_stack to
> refer from service-specific pam configuration to the default (/etc/pam.d/
> system-auth). There's no need to change config for all services, when
> you eg. install libcrack; you update system-auth only and all the
> services that may be used to change password (passwd as well as login and
> ssh if the password has expired) will use it.
This has been fixed for a while now, but I didn't notice this bug at the
time:
openssh (1:3.6.1p2-10) unstable; urgency=low
[...]
* Implement New World Order for PAM configuration, including
/etc/pam.d/common-* from /etc/pam.d/ssh (closes: #212959).
[...]
-- Colin Watson <cjwatson@debian.org> Sun, 16 Nov 2003 01:14:16 +0000
In order to change pam_unix configuration for all PAM services, you
simply edit the /etc/pam.d/common-* files.
Cheers,
--
Colin Watson [cjwatson@flatline.org.uk]
Reply to: