Mailing List Archive

[Bug 712] ssh does not properly utilize OS specified authentication methods on AIX
http://bugzilla.mindrot.org/show_bug.cgi?id=712

dtucker@zip.com.au changed:

What                     |Removed |Added
----------------------------------------------------------------------------
OtherBugsDependingOnThis |        |793
Status                   |NEW     |ASSIGNED



------- Additional Comments From dtucker@zip.com.au 2004-01-22 22:09 -------
This is specific to the account configuration. Without going into too much
detail, the problem is this: The accounts were configured with the following
AIX authentication settings:

SYSTEM=none
auth1=somemodule
auth2=none

The problem is sshd uses AIX's authenticate() function, which knows only SYSTEM,
not auth1 or auth2 (AFAIK those are the domain of ckuserID() which is documented
as obsolete, and would be very difficult to support sanely in sshd anyway).

I think the best sshd can do in this case is to detect an unsupportable
authentication configuration (currently my best guess is SYSTEM=NONE && auth1 !=
NONE, feedback wanted!) and deny the login.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 712] ssh does not properly utilize OS specified authentication methods on AIX
http://bugzilla.mindrot.org/show_bug.cgi?id=712

dtucker@zip.com.au changed:

What                        |Removed |Added
----------------------------------------------------------------------------
Attachment #465 is obsolete |0       |1



------- Additional Comments From dtucker@zip.com.au 2004-01-22 23:56 -------
Created an attachment (id=534)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=534&action=view)
Check AIX accounts for SYSTEM=NONE

First attempt at testing accounts for SYSTEM=NONE and auth1!=NONE.



[Bug 712] ssh does not properly utilize OS specified authentication methods on AIX
http://bugzilla.mindrot.org/show_bug.cgi?id=712

dtucker@zip.com.au changed:

What                     |Removed |Added
----------------------------------------------------------------------------
OtherBugsDependingOnThis |793     |



------- Additional Comments From dtucker@zip.com.au 2004-02-05 19:48 -------
I think it's too late for this patch to go for the next release. Since it has
had very limited testing, it has potential for mayhem by denying access to
accounts, simply because they have an unusual but otherwise valid config.

It should probably go in early in the next release cycle.


