
Bug#240506: ldap authentication breakage



Package: ssh
Version: 1:3.8p1-3
Severity: normal
Followup-For: Bug #240506

I appear to have the exact same problem, except that it's on a new box
that I'm setting up rather than an upgrade.  I read through all of the
previous messages on this bug and thought that I should add some input
that hopefully will clarify some things.

I already have an ldap server/client/ssh environment set up and working
perfectly, I'm just trying to add a client to the farm.

That being said, there are approximately 6,000 or so posixAccount users
in the LDAP.  They all work in the existing farm.

On the new box that I set up, my local user account has the same username
as one of the LDAP accounts (my account in the LDAP).  If I attempt to
log in over ssh or on the console with an account that exists locally AND
in the LDAP I can use either my local password, or my LDAP password and
gain entry to the system.  If I attempt to log in with a user that exists
ONLY in LDAP I get an "illegal user" message in the auth.log and can't
log in.

That being said, let me reiterate, I've configured login and sshd to use
LDAP, and I get the same behaviour from both.  Users must exist in
the local passwd file, or they can't get it.  Since this is the case,
I don't think this bug has anything to do with SSH (either that or whatever
broke ssh was also done to login and broke it as well) and should be moved
to libpam0g, libpam_ldap or something else along those lines.

Can we get the pam guys involved with this bug?

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.25-1-386
Locale: LANG=C, LC_CTYPE=C

Versions of packages ssh depends on:
ii  adduser                     3.52         Add and remove users and groups
ii  debconf                     1.4.22       Debian configuration management sy
ii  dpkg                        1.10.20      Package maintenance system for Deb
ii  libc6                       2.3.2.ds1-11 GNU C Library: Shared libraries an
ii  libpam-modules              0.76-19      Pluggable Authentication Modules f
ii  libpam-runtime              0.76-19      Runtime support for the PAM librar
ii  libpam0g                    0.76-19      Pluggable Authentication Modules l
ii  libssl0.9.7                 0.9.7d-1     SSL shared libraries
ii  libwrap0                    7.6-ipv6.1-3 Wietse Venema's TCP wrappers libra
ii  zlib1g                      1:1.2.1-5    compression library - runtime

-- debconf information:
  ssh/insecure_rshd: 
  ssh/ssh2_keys_merged: 
  ssh/user_environment_tell: 
* ssh/forward_warning: 
  ssh/insecure_telnetd: 
  ssh/new_config: true
* ssh/use_old_init_script: true
  ssh/protocol2_only: true
  ssh/encrypted_host_key_but_no_keygen: 
  ssh/run_sshd: true
  ssh/SUID_client: true



