[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: openssh + pam authentication failing +md5 (?!) HELP HELP HELP !



I ruled out the third possibility by changing the pass , making it md5 again and tried to login with ssh...but it was permission denied

About the first possibility .. is there a way to check if the pam module 'pam_unix.so' supports (freebsd) md5 encryption ?

Second possibility .. after changing the pass of testuser (md5) and of another user and tried just a plain login from the console it works, login uses pam authentication ...



> Steve Langasek <vorlon@netexpress.net> pam-list@redhat.com Re: openssh + pam authentication failing +md5 (?!) HELP HELP HELP !Reply-To: pam-list@redhat.com
>Date: Mon, 6 May 2002 11:26:05 -0500
>
>On Mon, May 06, 2002 at 08:52:41AM -0700, light storm wrote:
>> Hello Steve,all
>
>> I added the debug option the password rule and the auth rule in the
>> sshd pam file, but as far as i can see nothing was sent to the logs, i
>> mean messages and warn logs, unless i should check some other log
>> which i cannot see at the moment ??
>
>You would need to check your /etc/syslog.conf to see where -- if
>anywhere -- auth.* messages are currently being sent.  On my machine,
>that's /var/log/auth and /var/log/debug.
>
>> But i think i found the problem but if it is real then i still don't
>> know what i can do:
>
>> I changed the password of the user 'testuser' with some other tool
>> which doesn't create md5 passwords. 
>
>> Then i tried again ssh and now i can login, but 2 things i conclude
>> now:  1. ssh lets me , i only need the first 8 chars to enter
>>       2. it seems that when it's md5 encrypted then authentication
>>          fails.
>
>If using traditional crypt passwords, only the first 8 characters of the
>password are encrypted.
>
>> debug1: PAM Password authentication accepted for user "testuser"
>> Accepted password for testuser from 192.168.200.30 port 33030 ssh2
>> debug1: Entering interactive session for SSH2.
>
>A couple possibilities I can think of:
>
>The pam_unix module you're using doesn't support md5 passwords.
>
>The password you had for testuser was not a valid md5 hash, causing
>authentication to fail.
>
>The testuser account was expired, and PAM was requiring a password
>change, but the password change was failing.
>
>To rule out the third possibility, I suggest setting a new md5 password
>for testuser and trying to ssh in again.
>
>Steve Langasek
>postmodern programmer
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.0.6 (GNU/Linux)
>Comment: For info see http://www.gnupg.org
>
>iD8DBQE81q6cKN6ufymYLloRAm5tAJsEXWRQqvwkHLLgvVovArcZYdPfOgCfZlOp
>4yPKUt6SYku4bG02nfJWwho=
>=AZN/
>-----END PGP SIGNATURE-----


------------------------------------------------------------
Email account furnished courtesy of AntiOnline - http://www.AntiOnline.com
AntiOnline - The Internet's Information Security Super Center!


---------------------------------------------------------------------
Express yourself with a super cool email address from BigMailBox.com.
Hundreds of choices. It's free!
http://www.bigmailbox.com
---------------------------------------------------------------------





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []