PAM_MOUNT and SSH

Murray Trainer mtrainer at central-data.net
Wed Mar 16 06:11:35 UTC 2005


On Wed, 2005-03-16 at 13:30, Darren Tucker wrote:
> Murray Trainer wrote:
> > Are there any workarounds for the problem below.  
> 
> [with pam_mount and...]
> 
> >>"Jan 21 15:38:07 SUSE92 PAM-warn[30346]: function=[pam_sm_acct_mgmt] 
> >>service=[sshd] terminal=[ssh] user=[dawsona] ruser=[<unknown>] 
> >>rhost=[localhost] 
> >>Jan 21 15:38:07 SUSE92 sshd[30345]: Accepted keyboard-interactive/pam
> >>for dawsona from ::ffff:127.0.0.1 port 1443 ssh2 
> 
> For OpenSSH 3.9p1 and 4.0p1, you can set the following in sshd_config:
> 
> ChallengeResponseAuthentication no
> PasswordAuthentication yes
> 
> For the gory details about why this problem fixes the problem, see:
> http://bugzilla.mindrot.org/show_bug.cgi?id=688
> 
> There is also an issue with unmounting the the fs at logoff.  There is a 
> patch for that at the bug below, however that will only work when privsep 
> is disabled.
> http://bugzilla.mindrot.org/show_bug.cgi?id=926
> 
> If you're interested in testing a patch to fix it for privsep too (when I 
> get a chance to write one, that is) please feel free to add yourself to 
> the bug's CC list so you will get notified when it changes.

Hi Darren,

I tried using ChallengeResponseAuthentication no and
PasswordAuthentication yes.  It worked OK for ssh sessions but we are
tunneling NX sessions through SSH and the NX server had a problem with
that configuration.  I look forward to testing any patches you can come
up with.    

Thanks

Murray




More information about the Pam-list mailing list