Bug#240953: ssh: broken pam_krb5
Package: ssh
Version: 1:3.8p1-2
Severity: normal
Usage of OpenSSH with pam_krb5 has been broken for some versions now.
The fix suggested by OpenAFS mailing list is to build OpenSSH with
pthread support (so auth-pam.c will use real threads instead of
simulating threads with child processes). However, after doing so, sshd
no longer functions properly:
Mar 29 18:45:18 zephyr sshd[29706]: fatal: buffer_get: trying to get
more bytes 4 than in buffer 0
I'm not sure if this is related to the Debian package, or a bug for
upstream, since others claimed it was working for them.
The patch for building w/pthread is here:
http://msgs.securepoint.com/cgi-bin/get/openssh-unix-dev-0402/61.html
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.4.25
Locale: LANG=en_US, LC_CTYPE=en_US
Versions of packages ssh depends on:
ii adduser 3.51 Add and remove users and groups
ii debconf 1.4.16 Debian configuration management sy
ii dpkg 1.10.20 Package maintenance system for Deb
ii libc6 2.3.2.ds1-11 GNU C Library: Shared libraries an
ii libpam-modules 0.76-15 Pluggable Authentication Modules f
ii libpam-runtime 0.76-15 Runtime support for the PAM librar
ii libpam0g 0.76-15 Pluggable Authentication Modules l
ii libssl0.9.7 0.9.7c-5 SSL shared libraries
ii libwrap0 7.6-ipv6.1-3 Wietse Venema's TCP wrappers libra
ii zlib1g 1:1.2.1-5 compression library - runtime
-- debconf information:
ssh/insecure_rshd:
ssh/privsep_ask: true
ssh/user_environment_tell:
* ssh/forward_warning:
ssh/insecure_telnetd:
ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/SUID_client: true
* ssh/privsep_tell:
ssh/ssh2_keys_merged:
* ssh/protocol2_only: true
ssh/encrypted_host_key_but_no_keygen:
* ssh/run_sshd: true
Reply to: