Re: Openssh 1.2pre17-1 broken?

[Ethan Benson <erbenson@alaska.net>]

On 14/12/99 hservoma@wis02.ec.t.kanazawa-u.ac.jp wrote:

> This is interesting, where did you read about /etc/pam.d/ssh -> sshd ?

normally a pam service will look for a file with the name name as the 
binary, so sshd will load pam.d/sshd, this can be overridden in the 
service program by changing the call to PAM_INIT (or someting like 
that) the debian maintainer does this himself as he wishes to keep 
the pam file called ssh not sshd.

> The only way I'm able to get ssh to forward X connections on RH6.1
> is to add
>
> 	sshdfwd-X11: 127.0.0.1 :severity auth.notice : ALLOW
>
> to /etc/hosts.allow

I think this is normal at least i read you had to add sshdfwd-X11 
entries for non-free ssh in the man page.

> Otherwise pam refuses the connection. I didn't see anything wrong
> with /etc/pam.d/ssh

the current version is not using it at all, instead its using 
/etc/pam.d/other   (on debian anyway, i think redhat just calls the 
pam.d file sshd)

> Will try hardlinking next ;)

since i already reported this bug once and had it fixed I think i may 
just leave a hard link there permanently, thats much better then 
being locked out whenever the maintainer forgets that mod on a new 
upstream version..

I just need something to put in pam.d/other that is more obvious that 
the service is misconfigured then what pam_warn throws in..

(i don't like the idea of unconfigured pam services mostly working 
off of the other configuration without my knowing it, that is why i 
set it to deny)

Ethan