Mailing List Archive

[Bug 712] ssh does not properly utilize OS specified authentication methods on AIX
http://bugzilla.mindrot.org/show_bug.cgi?id=712

Summary: ssh does not properly utilize OS specified
authentication methods on AIX
Product: Portable OpenSSH
Version: -current
Platform: PPC
OS/Version: AIX
Status: NEW
Severity: normal
Priority: P2
Component: Miscellaneous
AssignedTo: openssh-bugs@mindrot.org
ReportedBy: phoenix@internetstatic.com


AIX allows for the possibility of using other authentication methods to login to
the system in any user definition, which are specified by auth1 and auth2. An
auth field set to SYSTEM refers to the internal, normal shadow passworded files
on the system. However, other methods can be specified under
/etc/security/login.cfg, and ssh ignores these. If one of these methods is in
use, ssh allows a single space, or even any key sequence to allow anyone to
access the account.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 712] ssh does not properly utilize OS specified authentication methods on AIX [ In reply to ]
http://bugzilla.mindrot.org/show_bug.cgi?id=712





------- Additional Comments From dtucker@zip.com.au 2003-09-24 19:24 -------
Created an attachment (id=464)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=464&action=view)
Move AIX password auth to port-aix.c and use authenticate's reenter

Please try this patch. I've had this in a local tree for a month or so but up
until now I haven't heard of anyone who actually used that functionality (and
therefore would be able to test it!) Regular SYSTEM password auth still works
for me (AIX 5.2 tested).

What are you using non-SYSTEM auth for? It's not an eNetwork firewall is it?



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 712] ssh does not properly utilize OS specified authentication methods on AIX [ In reply to ]
http://bugzilla.mindrot.org/show_bug.cgi?id=712





------- Additional Comments From phoenix@internetstatic.com 2003-09-25 03:44 -------
The above patch does not address the issue. The system still accepts any
keystroke(s) as an acceptable password for IDs with auth1 set to something other
than SYSTEM regardless of what it should be.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 712] ssh does not properly utilize OS specified authentication methods on AIX [ In reply to ]
http://bugzilla.mindrot.org/show_bug.cgi?id=712

dtucker@zip.com.au changed:

What |Removed |Added
----------------------------------------------------------------------------
Attachment #464 is|0 |1
obsolete| |



------- Additional Comments From dtucker@zip.com.au 2003-09-25 06:51 -------
Created an attachment (id=465)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=465&action=view)
Add call to setauthdb() in auth.c

The only other thing I can guess is it needs a call to setauthdb before
authenticate, please try the attached patch (apply to a vanilla 3.7.1p2 tree).



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 712] ssh does not properly utilize OS specified authentication methods on AIX [ In reply to ]
http://bugzilla.mindrot.org/show_bug.cgi?id=712





------- Additional Comments From phoenix@internetstatic.com 2003-09-25 11:12 -------
I applied the second patch to a vanilla p2 tree, and still had the same issue.
For a non-SYSTEM auth1 userID, SSH allowed any and no key sequence to be
accepted. The configuration options chosen were that on Darrin Tucker's AIX
SSH page.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.