--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: ssh-krb5: password authentication does not use pam
- From: Chaskiel Grundman <cg2v@andrew.cmu.edu>
- Date: Tue, 19 Apr 2005 00:00:07 -0400
- Message-id: <200504190400.j3J407DW014878@lily.dementia.org>
Package: ssh-krb5
Version: 3.8.1p1-7
Severity: normal
README.Debian still states
"Unfortunately, privilege separation interacts badly with PAM. [...]
and PAM keyboard-interactive authentication won't work."
but that doesn't seem to be true at all. keyboard-interactive
authentication _is_ enabled, and does work with privsep.
Moreover, if an ssh client that does not perform keyboard-interactive
authentication connects to the server, pam is not used for password
validation.
Even if this is considered appropriate behavior, I would think that it would
merit a mention in NEWS. I will even suggest that not supporting
PasswordAuthentication at all would be better than the current behavior.
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: sparc (sparc64)
Kernel: Linux 2.4.27-2-sparc64
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages ssh-krb5 depends on:
ii adduser 3.63 Add and remove users and groups
ii debconf 1.4.30.13 Debian configuration management sy
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libcomerr2 1.35-6 The Common Error Description libra
ii libkrb53 1.3.6-2 MIT Kerberos runtime libraries
ii libpam-runtime 0.76-22 Runtime support for the PAM librar
ii libpam0g 0.76-22 Pluggable Authentication Modules l
ii libssl0.9.7 0.9.7e-3 SSL shared libraries
ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra
ii zlib1g 1:1.2.2-3 compression library - runtime
-- debconf information:
* ssh/privsep_tell:
ssh/insecure_rshd:
ssh/privsep_ask: true
ssh/ssh2_keys_merged:
* ssh/user_environment_tell:
* ssh/forward_warning:
ssh/insecure_telnetd:
ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/protocol2_only: false
ssh/encrypted_host_key_but_no_keygen:
* ssh/run_sshd: true
* ssh/SUID_client: false
--- End Message ---