|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Marcus Beranek (errormsg_at_gmx.net)
Date: Wed Oct 02 2002 - 11:59:25 CDT
Am Mittwoch, 2. Oktober 2002 17:01 schrieb Alexis Sukrieh:
> At 16:56 02/10/2002 +0200, administrateur
xmon.net wrote:
> >did you check all module invoked in /etc/pam.d/ssh can be found
> >in /lib/security/ ?
>
> Yes it can be found.
>
> here, take a look :
Hi,
just a guess:
What about disabling all "session"-entries except the first in the
/etc/pam.d/shh like this:
auth required pam_nologin.so
auth required pam_unix.so
auth required pam_env.so # [1]
account required pam_unix.so
session required pam_unix.so
#session optional pam_lastlog.so # [1]
#session optional pam_motd.so # [1]
#session optional pam_mail.so standard noenv # [1]
#session required pam_limits.so
password required pam_unix.so
Well, the debug-msg says something about a failed session
>> debug1: PAM setting tty to "/dev/pts/3"
>> PAM session setup failed[28]: Module is unknown
another guess:
maybe the kernel has no support for the pseudo-terminal pty or the
/dev/pty-filesystem compiled in?
HTH,
Marcus
> ______________________________________________
> poseidon:/etc/pam.d# cat /etc/pam.d/ssh
> #%PAM-1.0
> auth required pam_nologin.so
> auth required pam_unix.so
> auth required pam_env.so # [1]
>
> account required pam_unix.so
>
> session required pam_unix.so
> session optional pam_lastlog.so # [1]
> session optional pam_motd.so # [1]
> session optional pam_mail.so standard noenv # [1]
> session required pam_limits.so
>
> password required pam_unix.so
>
> # Alternate strength checking for password. Note that this
> # requires the libpam-cracklib package to be installed.
> # You will need to comment out the password line above and
> # uncomment the next two in order to use this.
> #
> # password required pam_cracklib.so retry=3 minlen=6 difok=3
> # password required pam_unix.so use_authtok nullok md5
>
> poseidon:/etc/pam.d# ls /lib/security/
> pam_access.so pam_filter.so pam_lastlog.so pam_motd.so
> pam_rootok.so pam_time.so pam_unix_session.so
> pam_cracklib.so pam_ftp.so pam_limits.so pam_nologin.so
> pam_securetty.so pam_unix.so pam_userdb.so
> pam_debug.so pam_group.so pam_listfile.so pam_permit.so
> pam_shells.so pam_unix_acct.so pam_warn.so
> pam_deny.so pam_issue.so pam_mail.so pam_pwdfile.so
> pam_stress.so pam_unix_auth.so pam_wheel.so
> pam_env.so pam_krb5.so pam_mkhomedir.so pam_rhosts_auth.so
> pam_tally.so pam_unix_passwd.so
> poseidon:/etc/pam.d#
>
>
> Everthing is there...
>
>
> Alexis Sukrieh (sukria), <alexissukria.net>
> . homepage - [http://sukria.net]
> . clef PGP - [http://sukria.net/print.php?c=privacy]
> . mydynaweb - [http://www.mydynaweb.net]
> ______________________________________________
-- To UNSUBSCRIBE, email to debian-security-request
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]