Mailing List Archive

[Bug 667] Openssh 3.7x, Windows ssh clients and Ldap don't play together
http://bugzilla.mindrot.org/show_bug.cgi?id=667

Summary: Openssh 3.7x, Windows ssh clients and Ldap don't play together
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: critical
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs@mindrot.org
ReportedBy: matthew.schick@usm.edu


The 3.7 versions of OpenSSH will refuse to authenticate via password (didn't try
keys) for the ssh.com and PuTTY clients IF the server is using LDAP
authentication. Authentication isn't a problem if the OpenSSH client is used
(even under Cygwin), or if any Windows client is used to connect to an OpenSSH
server using passwd/shadow auth.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.





------- Additional Comments From matthew.schick@usm.edu 2003-09-18 06:31 -------
Created an attachment (id=417)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=417&action=view)
DEBUG3 Output

Output logged on affected server...








------- Additional Comments From dtucker@zip.com.au 2003-09-18 14:10 -------
From the sshd_config man page:

    UsePAM  Enables PAM authentication (via challenge-response) and session
            set up. If you enable this, you should probably disable
            PasswordAuthentication. If you enable then you will not be able
            to run sshd as a non-root user.

What happens if you disable PasswordAuthentication and use keyboard-interactive
on the clients?








------- Additional Comments From jason@devrandom.org 2003-09-22 11:41 -------
This bug caught my eye because I'm a big supporter of LDAP authentication. If I
set PasswordAuthentication=No in sshd_config then PuTTY doesn't log in regardless
of the UsePAM setting. I tried using both an LDAP-served user and a
/etc/passwd|shadow user with UsePAM=yes and UsePAM=no, and as long as
PasswordAuthentication=No then PuTTY won't log in. Could this be an error with
PuTTY? Just for fun I tried F-Secure's SSH client (for OpenVMS) and everything
worked fine with PasswordAuthentication=No and UsePAM=yes, and F-Secure verbosely
prints it's using keyboard-interactive. Interestingly though, UsePAM=no and
PasswordAuthentication=no breaks F-Secure.



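
A small checker for the sshd_config setting combinations discussed in the comments above, added here as an example; it is not part of the bug report or of OpenSSH. The function names are hypothetical, ChallengeResponseAuthentication is an sshd_config keyword the thread does not mention, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: report the effective PAM/password settings in an sshd_config.
# Assumption: sshd keeps the first value it reads for a keyword, and accepts
# "Keyword value" or "Keyword=value"; keywords are case-insensitive.

sshd_first_value() {    # $1 = config file, $2 = keyword
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)           # keyword ends at space, tab or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t\r]+$/, "", val)
            if (key == want) { print tolower(val); found = 1; exit }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

pam_auth_report() {     # $1 = config file
    pam=$(sshd_first_value "$1" UsePAM)
    pw=$(sshd_first_value "$1" PasswordAuthentication)
    cr=$(sshd_first_value "$1" ChallengeResponseAuthentication)
    echo "UsePAM=$pam PasswordAuthentication=$pw ChallengeResponseAuthentication=$cr"
    if [ "$pam" = yes ] && [ "$cr" = no ]; then
        echo "note: PAM authenticates via challenge-response, which is disabled"
    fi
    if [ "$pam" = yes ] && [ "$pw" != no ]; then
        echo "note: UsePAM is on but PasswordAuthentication is not disabled"
    fi
    if [ "$pw" = no ]; then
        echo "note: password method is off; clients need keyboard-interactive or keys"
    fi
}

# Constructed sample config (not taken from the bug report).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# UsePAM no
  usepam yes
PasswordAuthentication=No
PasswordAuthentication yes
EOF
pam_auth_report "$sample"
rm -f "$sample"
```

Run `pam_auth_report /etc/ssh/sshd_config` on the server to see which of the combinations from the thread is in effect before testing a given client.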