Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. OpenSSH>
  3. Bugs
[Bug 926] pam_session_close called as user or not at all
bugzilla-daemon at bugzilla
Mar 30, 2008, 9:13 PM
Post #1 of 5 (724 views)
Permalink
https://bugzilla.mindrot.org/show_bug.cgi?id=926


Damien Miller <djm@mindrot.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1452




--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching someone on the CC list of the bug.
You are watching the reporter.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 926] pam_session_close called as user or not at all [ In reply to ]
bugzilla-daemon at bugzilla
Mar 30, 2008, 9:13 PM
Post #2 of 5 (710 views)
Permalink
https://bugzilla.mindrot.org/show_bug.cgi?id=926


Damien Miller <djm@mindrot.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1452
Blocks|1353 |




--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching someone on the CC list of the bug.
You are watching the reporter.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 926] pam_session_close called as user or not at all [ In reply to ]
bugzilla-daemon at bugzilla
Apr 11, 2008, 11:10 PM
Post #3 of 5 (710 views)
Permalink
https://bugzilla.mindrot.org/show_bug.cgi?id=926


Jan Engelhardt <jengelh@gmx.de> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |jengelh@gmx.de




--- Comment #33 from Jan Engelhardt <jengelh@gmx.de> 2008-04-12 16:10:34 ---
To comment #20:
Modules do not seem to be able to do converse (in 5.0p1). pam_mount for
example is affected by this (ideally it would just grab the authtoken
from the auth stage but sadly enough openssh destroys the pam context
and instead starts a new one for session stage).

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching someone on the CC list of the bug.
You are watching the reporter.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 926] pam_session_close called as user or not at all [ In reply to ]
bugzilla-daemon at bugzilla
Apr 12, 2008, 2:05 AM
Post #4 of 5 (708 views)
Permalink
https://bugzilla.mindrot.org/show_bug.cgi?id=926





--- Comment #34 from Darren Tucker <dtucker@zip.com.au> 2008-04-12 19:05:00 ---
(In reply to comment #33)
> To comment #20:
> Modules do not seem to be able to do converse (in 5.0p1). pam_mount for
> example is affected by this (ideally it would just grab the authtoken
> from the auth stage but sadly enough openssh destroys the pam context
> and instead starts a new one for session stage).

That's a separate issue (see bug #688), however I think it only applies
for challenge-response type authentications.

You can probably work around it by disabling
ChallengeResponseAuthentication in sshd_config or using password
authentication (as opposed to keyboard-interactive, with an OpenSSH
client that's "ssh -o preferredauthentications=password server").

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching someone on the CC list of the bug.
You are watching the reporter.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 926] pam_session_close called as user or not at all [ In reply to ]
bugzilla-daemon at bugzilla
Apr 12, 2008, 5:11 AM
Post #5 of 5 (709 views)
Permalink
https://bugzilla.mindrot.org/show_bug.cgi?id=926





--- Comment #35 from Jan Engelhardt <jengelh@gmx.de> 2008-04-12 22:10:57 ---
(from bug #926)
>> Modules do not seem to be able to do converse (in 5.0p1). pam_mount for
>> example is affected by this (ideally it would just grab the authtoken
>> from the auth stage but sadly enough openssh destroys the pam context
>> and instead starts a new one for session stage).
>
>That's a separate issue (see bug #688), however I think it only applies
>for challenge-response type authentications.

>
>You can probably work around it by disabling
>ChallengeResponseAuthentication in sshd_config or using password
>authentication (as opposed to keyboard-interactive, with an OpenSSH
>client that's "ssh -o preferredauthentications=password server").

Unfortunately, that does not do it either. CRA is set to no,
PasswordAuthentication set to yes, no pubkey in ~/.ssh. According to
sshd -ddd, it's still conversation error.

pam_mount(pam_mount.c:518) error trying to retrieve authtok from auth
code
pam_mount(pam_mount.c:208) enter read_password
debug3: PAM: sshpam_store_conv called with 1 messages
pam_mount(pam_mount.c:176) conv->conv(...): Conversation error

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching someone on the CC list of the bug.
You are watching the reporter.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal