weird pam error

[Dan Gahlinger]

I'm getting this pam error in my /var/log/messages but not sure what to make of it

Dec 18 22:05:48 mail sshd[23001]: error: bind: Address already in use
Dec 18 22:05:48 mail sshd[23001]: error: channel_setup_fwd_listener: cannot listen to port: 2525
Dec 18 22:17:02 mail sshd[32360]: PAM audit_log_acct_message() failed: Operation not permitted
Dec 19 00:17:03 mail sshd[23001]: PAM audit_log_acct_message() failed: Operation not permitted
Dec 19 02:47:05 mail sshd[26035]: PAM audit_log_acct_message() failed: Operation not permitted

even though port 2525 is not in use (checked with netstat)
I'm trying to setup ssh -N -R to port 2525 as a reverse ssh tunnel from another system.

This worked for the longest time, until I upgraded to suse 10.3, and now it seems most of the time it doesn't work.
although sometimes it does.

and a really weird problem, related to this, sometimes it works, yet the userid used for the ssh never shows up as logged in or in the process table.
yet, port 2525 is there and working at those times.

so the big question is, is it a problem with pam, or ssh or both? and where do I start to find out?

My /etc/pam.d/sshd looks like this:

#%PAM-1.0
auth     requisite      pam_nologin.so
auth     include        common-auth
account  include        common-account
password include        common-password
session  required       pam_loginuid.so
session  include        common-session
# Enable the following line to get resmgr support for
# ssh sessions (see /usr/share/doc/packages/resmgr/README)
#session  optional      pam_resmgr.so fake_ttyname

Can anyone help ?

_________________________________________________________________
Discover new ways to stay in touch with Windows Live! Visit the City @ Live today!
http://getyourliveid.ca/?icid=LIVEIDENCA006
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20071219/789d2a08/attachment.htm>