[Freeipa-users] GSSAPI authentication from trusted AD domain
Tiemen Ruiten
t.ruiten at rdmedia.com
Tue May 2 15:46:34 UTC 2017
I think I just realised that my expectation may be wrong: GSSAPI login with
a FreeIPA user logged in on an AD host to a FreeIPA host works. So is it
correct to also expect passwordless login with an AD user to a FreeIPA host?
On 2 May 2017 at 17:40, Jason B. Nance <jason at tresgeek.net> wrote:
> Hi Tiemen,
>
> To be clear, what I'm trying to do: log in from an AD account
> (adm.tiemen), from an AD host (leon.clients.rdmedia.com) to a FreeIPA
> host (neodymium.test.ams.i.rdmedia.com) with the same AD account. I
> expect to be logged in through GSSAPI, instead I get a password prompt.
>
> I'm assuming that you are coming from a Windows client that is domain
> joined and logged into that Windows client with the same domain credentials
> that you are using to connect to the IPA-joined host. Do you also have
> your SSH client configured to attempt GSSAPI? It appears that you do from
> the logs you provided but I'm just double-checking.
>
> In my setup I've found that this feature does not work all of the time.
> I've not yet been able to track it down and I'm assuming it has something
> to do with connections to domain controllers timing out, but at this point
> that is speculation.
>
> So to answer your question, yes, that should work. Sorry I don't have
> more information for you, I guess I'm basically "me too"ing your post.
>
> Regards,
>
> j
>
> Is this supposed to work? Did I miss something?
>
> Below the SSH log from the FreeIPA host with LogLevel DEBUG3:
>
> May 2 17:10:32 neodymium sshd[572]: debug3: fd 5 is not O_NONBLOCK
> May 2 17:10:32 neodymium sshd[572]: debug1: Forked child 752.
> May 2 17:10:32 neodymium sshd[572]: debug3: send_rexec_state: entering fd
> = 8 config len 922
> May 2 17:10:32 neodymium sshd[572]: debug3: ssh_msg_send: type 0
> May 2 17:10:32 neodymium sshd[572]: debug3: send_rexec_state: done
> May 2 17:10:32 neodymium sshd[752]: debug3: oom_adjust_restore
> May 2 17:10:32 neodymium sshd[752]: Set /proc/self/oom_score_adj to 0
> May 2 17:10:32 neodymium sshd[752]: debug1: rexec start in 5 out 5
> newsock 5 pipe 7 sock 8
> May 2 17:10:32 neodymium sshd[752]: debug1: inetd sockets after dupping:
> 3, 3
> May 2 17:10:32 neodymium sshd[752]: Connection from 192.168.10.155 port
> 53106 on 192.168.50.63 port 22
> May 2 17:10:32 neodymium sshd[752]: debug1: Client protocol version 2.0;
> client software version PuTTY_KiTTY
> May 2 17:10:32 neodymium sshd[752]: debug1: no match: PuTTY_KiTTY
> May 2 17:10:32 neodymium sshd[752]: debug1: Enabling compatibility mode
> for protocol 2.0
> May 2 17:10:32 neodymium sshd[752]: debug1: Local version string
> SSH-2.0-OpenSSH_6.6.1
> May 2 17:10:32 neodymium sshd[752]: debug2: fd 3 setting O_NONBLOCK
> May 2 17:10:32 neodymium sshd[752]: debug3: ssh_sandbox_init: preparing
> rlimit sandbox
> May 2 17:10:32 neodymium sshd[752]: debug2: Network child is on pid 753
> May 2 17:10:32 neodymium sshd[752]: debug3: preauth child monitor started
> May 2 17:10:32 neodymium sshd[752]: debug1: SELinux support disabled
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: privsep user:group 74:74
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug1: permanently_set_uid: 74/74
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug1: list_hostkey_types:
> ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering:
> type 42 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive_expect
> entering: type 43 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering
> May 2 17:10:32 neodymium sshd[752]: debug3: monitor_read: checking
> request 42
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering:
> type 43
> May 2 17:10:32 neodymium sshd[752]: debug1: SSH2_MSG_KEXINIT sent
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug1: SSH2_MSG_KEXINIT received
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+
> al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,curve
> 25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-
> nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-
> sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-
> group14-sha1,diffie-hellman-group1-sha1 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes1
> 28-gcm at openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com
> ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,
> aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes1
> 28-gcm at openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com
> ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,
> aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> hmac-md5-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64-etm at openssh.com
> ,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm@
> openssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,
> hmac-md5-96-etm at openssh.com,hmac-md5,hmac-sha1,umac-64 at openssh.com,umac-
> 128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,h
> mac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> hmac-md5-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64-etm at openssh.com
> ,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm@
> openssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,
> hmac-md5-96-etm at openssh.com,hmac-md5,hmac-sha1,umac-64 at openssh.com,umac-
> 128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,h
> mac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: none,
> zlib at openssh.com [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: none,
> zlib at openssh.com [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> first_kex_follows 0 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: reserved 0
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-
> nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-
> sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-
> group14-sha1,rsa2048-sha256,rsa1024-sha1,diffie-hellman-group1-sha1
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
> ecdsa-sha2-nistp521,ssh-rsa,ssh-dss [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> aes256-ctr,aes256-cbc,rijndael-cbc at lysator.liu.se,aes192-
> ctr,aes192-cbc,aes128-ctr,aes128-cbc,chacha20-poly1305 at openssh.com
> ,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> aes256-ctr,aes256-cbc,rijndael-cbc at lysator.liu.se,aes192-
> ctr,aes192-cbc,aes128-ctr,aes128-cbc,chacha20-poly1305 at openssh.com
> ,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-sha2-
> 256-etm at openssh.com,hmac-sha1-etm at openssh.com,hmac-sha1-96-etm at openssh.com
> ,hmac-md5-etm at openssh.com [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-sha2-
> 256-etm at openssh.com,hmac-sha1-etm at openssh.com,hmac-sha1-96-etm at openssh.com
> ,hmac-md5-etm at openssh.com [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: none,zlib
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: none,zlib
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> first_kex_follows 0 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: reserved 0
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: mac_setup: setup
> hmac-sha2-256 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug1: kex: client->server
> aes256-ctr hmac-sha2-256 none [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: mac_setup: setup
> hmac-sha2-256 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug1: kex: server->client
> aes256-ctr hmac-sha2-256 none [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug1: kex:
> curve25519-sha256 at libssh.org need=32 dh_need=32 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering:
> type 120 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive_expect
> entering: type 121 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering
> May 2 17:10:32 neodymium sshd[752]: debug3: monitor_read: checking
> request 120
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering:
> type 121
> May 2 17:10:32 neodymium sshd[752]: debug1: kex:
> curve25519-sha256 at libssh.org need=32 dh_need=32 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering:
> type 120 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive_expect
> entering: type 121 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering
> May 2 17:10:32 neodymium sshd[752]: debug3: monitor_read: checking
> request 120
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering:
> type 121
> May 2 17:10:32 neodymium sshd[752]: debug1: expecting
> SSH2_MSG_KEX_ECDH_INIT [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_key_sign entering [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering:
> type 6 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_key_sign: waiting for
> MONITOR_ANS_SIGN [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive_expect
> entering: type 7 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering
> May 2 17:10:32 neodymium sshd[752]: debug3: monitor_read: checking
> request 6
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_answer_sign
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_answer_sign: signature
> 0x7f7ea34ed250(83)
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering:
> type 7
> May 2 17:10:32 neodymium sshd[752]: debug2: monitor_read: 6 used once,
> disabling now
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_derive_keys [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: set_newkeys: mode 1 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug1: SSH2_MSG_NEWKEYS sent
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug1: expecting SSH2_MSG_NEWKEYS
> [preauth]
> May 2 17:10:33 neodymium sshd[752]: debug2: set_newkeys: mode 0 [preauth]
> May 2 17:10:33 neodymium sshd[752]: debug1: SSH2_MSG_NEWKEYS received
> [preauth]
> May 2 17:10:33 neodymium sshd[752]: debug1: KEX done [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug1: userauth-request for user
> adm.tiemen at clients.rdmedia.com service ssh-connection method none
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug1: attempt 0 failures 0 [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_getpwnamallow entering
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering:
> type 8 [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_getpwnamallow: waiting for
> MONITOR_ANS_PWNAM [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive_expect
> entering: type 9 [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking
> request 8
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_pwnamallow
> May 2 17:10:42 neodymium sshd[752]: debug3: Trying to reverse map address
> 192.168.10.155.
> May 2 17:10:42 neodymium sshd[752]: debug2: parse_server_config: config
> reprocess config len 922
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_pwnamallow: sending
> MONITOR_ANS_PWNAM: 1
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering:
> type 9
> May 2 17:10:42 neodymium sshd[752]: debug2: monitor_read: 8 used once,
> disabling now
> May 2 17:10:42 neodymium sshd[752]: debug2: input_userauth_request:
> setting up authctxt for adm.tiemen at clients.rdmedia.com [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_start_pam entering
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering:
> type 100 [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_inform_authserv entering
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering:
> type 4 [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_inform_authrole entering
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering:
> type 80 [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug2: input_userauth_request: try
> method none [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: userauth_finish: failure
> partial=0 next methods="publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive"
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking
> request 100
> May 2 17:10:42 neodymium sshd[752]: debug1: PAM: initializing for "
> adm.tiemen at clients.rdmedia.com"
> May 2 17:10:42 neodymium sshd[752]: debug1: PAM: setting PAM_RHOST to
> "192.168.10.155"
> May 2 17:10:42 neodymium sshd[752]: debug1: PAM: setting PAM_TTY to "ssh"
> May 2 17:10:42 neodymium sshd[752]: debug2: monitor_read: 100 used once,
> disabling now
> May 2 17:10:42 neodymium sshd[752]: debug1: userauth-request for user
> adm.tiemen at clients.rdmedia.com service ssh-connection method
> gssapi-with-mic [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug1: attempt 1 failures 0 [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug2: input_userauth_request: try
> method gssapi-with-mic [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering:
> type 42 [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive_expect
> entering: type 43 [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking
> request 4
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_authserv:
> service=ssh-connection, style=
> May 2 17:10:42 neodymium sshd[752]: debug2: monitor_read: 4 used once,
> disabling now
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking
> request 80
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_authrole: role=
> May 2 17:10:42 neodymium sshd[752]: debug2: monitor_read: 80 used once,
> disabling now
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking
> request 42
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering:
> type 43
> May 2 17:10:42 neodymium sshd[752]: Postponed gssapi-with-mic for
> adm.tiemen at clients.rdmedia.com from 192.168.10.155 port 53106 ssh2
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug1: userauth-request for user
> adm.tiemen at clients.rdmedia.com service ssh-connection method
> keyboard-interactive [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug1: attempt 2 failures 0 [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug2: input_userauth_request: try
> method keyboard-interactive [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug1: keyboard-interactive devs
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug1: auth2_challenge: user=
> adm.tiemen at clients.rdmedia.com devs= [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug1: kbdint_alloc: devices 'pam'
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug2: auth2_challenge_start:
> devices pam [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug2: kbdint_next_device: devices
> <empty> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug1: auth2_challenge_start: trying
> authentication method 'pam' [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_sshpam_init_ctx [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering:
> type 104 [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_sshpam_init_ctx: waiting
> for MONITOR_ANS_PAM_INIT_CTX [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive_expect
> entering: type 105 [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking
> request 104
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_pam_init_ctx
> May 2 17:10:42 neodymium sshd[752]: debug3: PAM: sshpam_init_ctx entering
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering:
> type 105
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_sshpam_query [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering:
> type 106 [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_sshpam_query: waiting for
> MONITOR_ANS_PAM_QUERY [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive_expect
> entering: type 107 [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking
> request 106
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_pam_query
> May 2 17:10:42 neodymium sshd[752]: debug3: PAM: sshpam_query entering
> May 2 17:10:42 neodymium sshd[752]: debug3: ssh_msg_recv entering
> May 2 17:10:42 neodymium sshd[766]: debug3: PAM: sshpam_thread_conv
> entering, 1 messages
> May 2 17:10:42 neodymium sshd[766]: debug3: ssh_msg_send: type 1
> May 2 17:10:42 neodymium sshd[766]: debug3: ssh_msg_recv entering
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering:
> type 107
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_sshpam_query: pam_query
> returned 0 [preauth]
> May 2 17:10:42 neodymium sshd[752]: Postponed keyboard-interactive for
> adm.tiemen at clients.rdmedia.com from 192.168.10.155 port 53106 ssh2
> [preauth]
>
>
>
>
>
>
>
>
> --
> Tiemen Ruiten
> Systems Engineer
> R&D Media
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
>
>
--
Tiemen Ruiten
Systems Engineer
R&D Media
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170502/9501ebbf/attachment.htm>
More information about the Freeipa-users
mailing list