| Summary: | Openssh 3.7x, Windows ssh clients and Ldap don't play together | | |
|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Matthew Schick <matthew.schick> |
| Component: | PAM support | Assignee: | OpenSSH Bugzilla mailing list <openssh-bugs> |
| Status: | CLOSED INVALID | | |
| Severity: | critical | | |
| Priority: | P2 | | |
| Version: | 3.7.1p1 | | |
| Hardware: | ix86 | | |
| OS: | Linux | | |
Description
Matthew Schick
2003-09-18 06:30:37 AEST
Created attachment 417: DEBUG3 Output
Output logged on affected server...

From the sshd_config man page:

    UsePAM Enables PAM authentication (via challenge-response) and session
           set up. If you enable this, you should probably disable
           PasswordAuthentication. If you enable then you will not be able
           to run sshd as a non-root user.

What happens if you disable PasswordAuthentication and use keyboard-interactive
on the clients?

This bug caught my eye because I'm a big supporter of LDAP authentication. If I set PasswordAuthentication=No in sshd_config then PuTTY doesn't login regardless of the UsePAM setting. I tried using both an LDAP-served user and a /etc/passwd|shadow user with UsePAM=yes and UsePAM=no and as long as PasswordAuthentication=No then PuTTY won't log in. Could this be an error with PuTTY? Just for fun I tried F-Secure's SSH client (for OpenVMS) and everything worked fine with PasswordAuthentication=No and UsePAM=yes and F-Secure verbosely prints it's using keyboard-interactive. Interestingly though UsePAM=no and PasswordAuthentication=no breaks F-Secure.

Matthew: no reply = closed bug. Jason: make sure PuTTY is using SSHv2 (many versions default to SSHv1 if the server supports both) or if using SSHv1 that you have "TIS/Cryptocard" auth enabled (which is disabled by default).

Mass change of RESOLVED bugs to CLOSED
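
The setting combinations reported in this thread, as an added example that is not part of the bug report or of OpenSSH: a small Python model that parses an sshd_config and reports which password-style method lets a given client in. It assumes, following the man page text quoted above, that PAM (and therefore LDAP) is reached only through keyboard-interactive and that password authentication checks local accounts only; the default values, the sample configuration and all function names are constructed for illustration.

```python
# Added example: models the sshd_config combinations discussed in this thread.
# Assumption (from the quoted man page text): PAM, and so pam_ldap, is reached
# only via challenge-response (keyboard-interactive); "password" is local-only.
DEFAULTS = {  # assumed defaults; real defaults depend on the sshd version
    "usepam": "no",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
}

SAMPLE = """\
# constructed sample, not the reporter's configuration
UsePAM yes
PasswordAuthentication no
PasswordAuthentication yes
"""


def parse_sshd_config(text):
    """Effective settings: keywords are case-insensitive, first value wins."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if len(parts) >= 2:
            cfg.setdefault(parts[0].lower(), parts[1].lower())
    return {**DEFAULTS, **cfg}


def offered_methods(cfg):
    """Map each password-style userauth method to the backend checking it."""
    methods = {}
    if cfg["passwordauthentication"] == "yes":
        methods["password"] = "local"  # /etc/passwd and shadow only
    if cfg["usepam"] == "yes" and cfg["challengeresponseauthentication"] == "yes":
        methods["keyboard-interactive"] = "pam"  # PAM stack, LDAP included
    return methods


def login_method(cfg, client_methods, account):
    """Return the method that lets `account` ('ldap' or 'local') in, or None."""
    for method, backend in offered_methods(cfg).items():
        if method in client_methods and (backend == "pam" or account == "local"):
            return method
    return None


if __name__ == "__main__":
    cfg = parse_sshd_config(SAMPLE)
    for client in ({"password"}, {"password", "keyboard-interactive"}):
        print(sorted(client), "->", login_method(cfg, client, "ldap"))
```

Under these assumptions the model reproduces the observations above: a client that only tries password authentication fails whenever PasswordAuthentication is off, while a keyboard-interactive client succeeds only when UsePAM is on.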