Here is the relevant snippet of /etc/pam.d/ssh:
# Read environment variables from /etc/environment and
# /etc/security/pam_env.conf.
auth required pam_env.so # [1]
# In Debian 4.0 (etch), locale-related environment variables were
moved to
# /etc/default/locale, so read that as well.
auth required pam_env.so envfile=/etc/default/locale
# Standard Un*x authentication.
@include common-auth
common-auth consists of the following:
auth required pam_unix.so nullok
and /etc/security/pam_env.conf doesn't have any uncommented lines.
On Apr 12, 2007, at 3:30 PM, Steve Langasek wrote:
On Wed, Apr 11, 2007 at 06:24:23PM -0700, neuro wrote:
Upon doing a dist-upgrade to Debian 4.0 via aptitude, login via ssh
keyboard-interactive authentication to normal accounts (those with
passwords) was broken. ssh -v reported authentication succeeding,
then
the connection would be closed immediately.
An excerpt from /var/log/auth.log showed there to be a problem
with PAM:
Apr 11 16:48:28 localhost sshd[14571]: Accepted keyboard-
interactive/pam for neuro from 38.100.222.81 port 1064 ssh2
Apr 11 16:48:28 localhost sshd[14576]: (pam_unix) session opened
for user neuro by (uid=0)
Apr 11 16:48:28 localhost sshd[14576]: fatal: PAM: pam_setcred():
Permission denied
Apr 11 16:48:28 localhost sshd[14576]: (pam_unix) session closed
for user neuro
What authentication modules do you have configured for sshd? This
looks
like a misconfiguration to me; if the pam_setcred part of a
required auth
module needs pam_authenticate() to be called first, configuring
your service
such that PAM authentication is bypassed is a configuration error.
--
Steve Langasek Give me a lever long enough and a
Free OS
Debian Developer to set it on, and I can move the
world.
[EMAIL PROTECTED] http://
www.debian.org/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]