SSHD creates defunct process
Chidanand Gangur
I am using on sshd version OpenSSH_3.6.1p2.
I am facing some very vauge problem when i run sshd server and try to
connect to it.
When I run sshd in debug mode [ ./sshd -ddd] I am able to connect to
it and every thing functions very well, but when i run it as [./sshd]=20
and try to connect it the connection hangs creating defunct process.
The entries in process table are
25571 ? S 0:00 sshd: admin [priv]
25573 ? Z 0:00 [sshd <defunct>]
I have propretory PAM module which hooks in my authentication
mechanism to sshd. Based upon my pam module logs and sshd debug
messages i can say that authentication went on smoothly and it
returned PAM_SUCCESS to do_pam_authenticate. After this the shell just
hangs.
I can see this error in var log messages when run either by [ ./sshd
-ddd] or [./sshd]
PAM [dlerror: /lib/security/$ISA/pam_deny.so: cannot open shared
object file: No such file or directory]
My /etc/pam.d/sshd looks like this
#%PAM-1.0
auth sufficient /scratch/Chidanand/bagini-p2/lib/pam_test.so
account required /scratch/Chidanand/bagini-p2/lib/pam_test.so
password required pam_stack.so service=3Dsystem-auth
session required /scratch/Chidanand/bagini-p2/lib/pam_test.so
_________________________________________________________
I am confused with this problem, can any one help me to nail down this iss=
ue.
--=20
Thanks,
Chidanand Gangur
Pune.
_______________________________________________
openssh-unix-dev mailing list
openssh-...@mindrot.org
http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
Chidanand Gangur
various log messages in sshd source code .what I can see is after
calling do_pam_converse function from do_pam_account function sshd
does nothing. that is creates zombie.
On 5/10/05, Peter Stuge <stuge-opens...@cdy.org> wrote:
> On Tue, May 10, 2005 at 07:55:53PM +0530, Chidanand Gangur wrote:
> > I am confused with this problem, can any one help me to nail down
> > this issue.
>=20
> Is the problem repeatable when you run ./sshd -D ?
>=20
> If it is, you can run sshd under strace/ktrace/truss/similar to get a
> thorough view of what is going on.
>=20
> //Peter
>=20
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-...@mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>=20
--=20
Peter Stuge
> When started with strace SSHD waits in select loop.
Ok, so you're on Linux.
Try strace -fF sshd -D
> I have placed various log messages in sshd source code .what I can
> see is after calling do_pam_converse function from do_pam_account
> function sshd does nothing. that is creates zombie.
Hm, I'm not too familiar with the workings of the PAM but perhaps the
trace output could help nail the problem down.
//Peter
Darren Tucker
> On Wed, May 11, 2005 at 12:17:34AM +0530, Chidanand Gangur wrote:
>>When started with strace SSHD waits in select loop.
>
> Ok, so you're on Linux.
> Try strace -fF sshd -D
Be aware that strace on Linux will change some of the behaviour of the
parent/child relationships, so while it may help it's not an ideal
diagnostic.
[and from the original posting]
>> PAM [dlerror: /lib/security/$ISA/pam_deny.so: cannot open shared
>>object file: No such file or directory]
It looks like you are missing the pam_deny.so file, or the path is wrong
in /etc/pam.d/system-auth.
>>I have placed various log messages in sshd source code .what I can
>>see is after calling do_pam_converse function from do_pam_account
>>function sshd does nothing. that is creates zombie.
>
> Hm, I'm not too familiar with the workings of the PAM but perhaps the
> trace output could help nail the problem down.
There's a bug in some versions of LinuxPAM that prevents an app from
changing of the conversation function. It's possible that PAM is
calling the wrong conversation function:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=126985
I wrote a tool for figuring out what PAM is doing underneath the covers,
based in part on sshd's PAM interface code.
It's available here:
http://www.zip.com.au/~dtucker/patches/pam-test-harness.c
The documentation, such as it is, is here:
http://www.zip.com.au/~dtucker/patches/#pamtest
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
Chidanand Gangur
select loop. When i connect I do not get login prompt to proceed
further.
regarding PAM unable to dlopen(/lib/security/$ISA/pam_deny.so)
the file exists in that location.
$ISA is not initialised that contains nothing. I have also tried hard
codding the file path in system-auth file, still i see the above error
in /var/log/messages.
I also tried Darrens pam-test-harness program, all of my test went
through. [thanks Darren] With this test i could see my authentication
request comming to my authentication module getting authenticated and
returning success to my pam module.
All these functions returned SUCCESS
pam_start
pam_set_item(pamh, PAM_TTY
pam_set_item(pamh, PAM_RHOST,
pam_set_item(pamh, PAM_RUSER,
pam_authenticate(pamh, 0)
pam_acct_mgmt(pamh, 0)
pam_open_session(pamh, 0)
pam_setcred(pamh, 0)
pam_get_item(pamh, PAM_USER, ...)
PAM_USER =3D testcng (unchanged)
Standard environment variables
ADMIN_NAME=3Dtestcng
ADMIN_PORT=3D3445
ADMIN_IP=3D192.168.2.129
=20
PAM environment variables
uid 0 euid 0 gid 0 egid 0
pam_end(pamh, 0) =3D 0 (Success)
But the [sshd <defunct> ] problem still persists. when SSHD started as [./s=
shd].
To add more information i am using gcc-v3.2.2
On 5/11/05, Darren Tucker <dtu...@zip.com.au> wrote:
> Peter Stuge wrote:
> > On Wed, May 11, 2005 at 12:17:34AM +0530, Chidanand Gangur wrote:
> >>When started with strace SSHD waits in select loop.
> >
> > Ok, so you're on Linux.
> > Try strace -fF sshd -D
>=20
> Be aware that strace on Linux will change some of the behaviour of the
> parent/child relationships, so while it may help it's not an ideal
> diagnostic.
>=20
> [and from the original posting]
> >> PAM [dlerror: /lib/security/$ISA/pam_deny.so: cannot open shared
> >>object file: No such file or directory]
>=20
> It looks like you are missing the pam_deny.so file, or the path is wrong
> in /etc/pam.d/system-auth.
>=20
> >>I have placed various log messages in sshd source code .what I can
> >>see is after calling do_pam_converse function from do_pam_account
> >>function sshd does nothing. that is creates zombie.
> >
> > Hm, I'm not too familiar with the workings of the PAM but perhaps the
> > trace output could help nail the problem down.
>=20
> There's a bug in some versions of LinuxPAM that prevents an app from
> changing of the conversation function. It's possible that PAM is
> calling the wrong conversation function:
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=3D126985
>=20
> I wrote a tool for figuring out what PAM is doing underneath the covers,
> based in part on sshd's PAM interface code.
>=20
> It's available here:
> http://www.zip.com.au/~dtucker/patches/pam-test-harness.c
>=20
> The documentation, such as it is, is here:
> http://www.zip.com.au/~dtucker/patches/#pamtest
>=20
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
> Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
>=20
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-...@mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>=20
--=20
Chidanand Gangur
Pune.
_______________________________________________
Chidanand Gangur
upgrading PAM
tweaking configuration files here and there
went through the SSHD code=20
but yet failed to resolve the problem. What is wrong in my
configuration ?? is this problem related to libraries ? to which SSHD
links? Please give me some clue.
Thanks,
Chidanand
On 5/11/05, Peter Stuge <stuge-opens...@cdy.org> wrote:
> On Wed, May 11, 2005 at 11:41:44AM +0530, Chidanand Gangur wrote:
> > I tried to trace SSHD using strace -fF as said before SSHd waits in
> > select loop. When i connect I do not get login prompt to proceed
> > further.
>=20
> Ah, ok, I understand. And what are the last 100 or so lines of output
> at that point?
>=20
>=20
> //Peter
Darren Tucker
> I have tried various options upgrading PAM
> tweaking configuration files here and there
> went through the SSHD code
3.6.1p2 is a couple of years old and the PAM code in sshd has been
significantly changed (improved, I hope :-). Did you build it from
source yourself?
What does the debug output from sshd give (ie "/path/to/sshd -ddde") for
one of the problem connections?
Does the problem occur with sshd from OpenSSH-4.0p1?
> but yet failed to resolve the problem. What is wrong in my
> configuration ?? is this problem related to libraries ? to which SSHD
> links? Please give me some clue.
Could be anything. When you mentioned "proprietary PAM module" you
entered the realm of "there be dragons".
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
Chidanand Gangur
concern is as mentioned before every thing goes well when i run SSHD
in debug mode [./sshd -ddd] . I face problem when i run it as service.
[./sshd].
Regarding my pam module I not doing great in it i have my
implementation for pam_sm_authenticate rest of the pam_sm_*
functions are empty, that is they just return PAM_SUCCESS.
And from the logs in SSHD , pam module and rest of the programs i can
make out user was authenticated and a success was sent to SSHD.
Now I am plannig to put function entry log and function exit log in
all sshd code so that i can see what actually went wrong. Is there any
other method to achive it.
Thanks,
Chidanand
On 5/12/05, Darren Tucker <dtu...@zip.com.au> wrote:
> Chidanand Gangur wrote:
> > I have tried various options upgrading PAM
> > tweaking configuration files here and there
> > went through the SSHD code
>=20
> 3.6.1p2 is a couple of years old and the PAM code in sshd has been
> significantly changed (improved, I hope :-). Did you build it from
> source yourself?
>=20
> What does the debug output from sshd give (ie "/path/to/sshd -ddde") for
> one of the problem connections?
>=20
> Does the problem occur with sshd from OpenSSH-4.0p1?
>=20
> > but yet failed to resolve the problem. What is wrong in my
> > configuration ?? is this problem related to libraries ? to which SSHD
> > links? Please give me some clue.
>=20
> Could be anything. When you mentioned "proprietary PAM module" you
> entered the realm of "there be dragons".
>=20
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
> Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
>=20
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-...@mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>=20
--=20
Chidanand Gangur
Pune.
_______________________________________________
Darren Tucker
[some stuff, but not...]
> On 5/12/05, Darren Tucker <dtu...@zip.com.au> wrote:
>>Does the problem occur with sshd from OpenSSH-4.0p1?
You didn't answer this.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
Chidanand Gangur
changes in sshd code too and few of my colleuges also share the same
SSHD version, I will suerly try out OpenSSH-4.0p1?
On 5/12/05, Darren Tucker <dtu...@zip.com.au> wrote:
> Chidanand Gangur wrote:
> [some stuff, but not...]
> > On 5/12/05, Darren Tucker <dtu...@zip.com.au> wrote:
> >>Does the problem occur with sshd from OpenSSH-4.0p1?
>=20
> You didn't answer this.
>=20
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
> Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
>=20
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-...@mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>=20
--=20
Chidanand Gangur
Pune.
_______________________________________________
Damien Miller
> Darren I havent checked with the latest version ... I have made few
> changes in sshd code too and few of my colleuges also share the same
> SSHD version, I will suerly try out OpenSSH-4.0p1?
So,
you use a old ssh version,
to which you have made unspecified changes,
on top of that you use a custom, unreleased PAM module,
and you expect us to be willing and able to help you?
Come on - if you are going to make changes to the code, then you have to
be ready to fix on your own it when it breaks.
-d
Chidanand Gangur
I accept your disguize, but I really thought this mailing list which
could help me to solve the problem.
The changes in SSHD code is only in one file i.e session.c and that
too it is a very simple change. The changes is just setting an
envoirnment variable which is just an integer.
I am using child_set_env function to achieve it.=20
The main problem is the behaviour changes on machine to machine. On
some machine i get error
PAM faulty module pam_test.so
PAM unable to dlopen pam_test.so
PAM unable to dlopen pam_deny.so
On some machine every thing goes fine end to end and surprisingly all
the machines are standard RH 9 machines.
Am I missing out some configuration.=20
I havent changed standard sshd_config file.
I have tweaked nsswitch.conf and /etc/pam.d/sshd file.=20
Thanks,
Chidanand
On 5/13/05, Damien Miller <d...@mindrot.org> wrote:
> Chidanand Gangur wrote:
> > Darren I havent checked with the latest version ... I have made few
> > changes in sshd code too and few of my colleuges also share the same
> > SSHD version, I will suerly try out OpenSSH-4.0p1?
>=20
> So,
>=20
> you use a old ssh version,
>=20
> to which you have made unspecified changes,
>=20
> on top of that you use a custom, unreleased PAM module,
>=20
> and you expect us to be willing and able to help you?
>=20
> Come on - if you are going to make changes to the code, then you have to
> be ready to fix on your own it when it breaks.
>=20
> -d
>=20
--=20
Chidanand Gangur
Pune.
_______________________________________________
Damien Miller
> Hi Daimen Miller,
>
> I accept your disguize, but I really thought this mailing list which
> could help me to solve the problem.
>
> The changes in SSHD code is only in one file i.e session.c and that
> too it is a very simple change. The changes is just setting an
> envoirnment variable which is just an integer.
> I am using child_set_env function to achieve it.
>
> some machine i get error
>
> PAM faulty module pam_test.so
> PAM unable to dlopen pam_test.so
> PAM unable to dlopen pam_deny.so
Well, erratic behaviour like that might be indicative of a memory
corruption problem somewhere. However, we still can't help you, because
we can't replicate your configuration and you haven't even posted any
debug traces.
If you want to post and ask for help, you have to give us enough
information to do more than guess at your problems.
Start by sending your pam config, sshd_config, any configure options
that you built with, details of your platform and a server debug ("sshd
-ddd") trace.
-d
Chidanand Gangur
--with-pam option. I have my pam_test.so .
With the same set up as mentioned above I have every thing working
fine on one of my test machines which has RH9 installed . But the same
set up on another machine with same configuration same OS RH9 fails to
work.
I get following messages :
May 18 16:53:44 vml1ravid sshd: PAM unable to
dlopen(/build/release-cp/pam_test.so)
May 18 16:53:44 vml1ravid sshd: PAM [dlerror:
/build/release-cp/libcmapi.so: undefined symbol: pdp_module_props]
May 18 16:53:44 vml1ravid sshd: PAM adding faulty module:
build/release-cp/pam_test.so
When I run Darrens pam-test-harness -u testcng -s sshd
I get following response:
conversation struct {conv=3D0x8048d6d, appdata_ptr=3D0x804b064}
pam_start(sshd, testcng, &conv, &pamh) =3D 0 (Success)
pam_set_item(pamh, PAM_TTY, "/dev/pts/2") =3D 0 (Success)
pam_set_item(pamh, PAM_RHOST, "vml1ravid.pune.localdomain.com") =3D 0 (Succ=
ess)
pam_set_item(pamh, PAM_RUSER, "chidanandgangur") =3D 0 (Success)
pam_authenticate(pamh, 0) =3D 6 (Permission denied)
pam_end(pamh, 0) =3D 0 (Success)
When I run SSHD in debug mode i get following debug messages
debug2: read_server_config: filename /etc/ssh/sshd_config
debug1: sshd version OpenSSH_3.6.1p2
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
socket: Address family not supported by protocol
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 192.168.2.129 port 4130
debug1: Client protocol version 1.5; client software version PuTTY-Release-=
0.53b
debug1: no match: PuTTY-Release-0.53b
debug1: Local version string SSH-1.99-OpenSSH_3.6.1p2
debug3: privsep user:group 74:74
debug1: permanently_set_uid: 74/74
debug1: Sent 768 bit server key and 1024 bit host key.
debug2: Network child is on pid 845
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug1: Encryption type: blowfish
debug3: mm_request_send entering: type 28
debug3: monitor_read: checking request 28
debug3: mm_request_send entering: type 29
debug2: monitor_read: 28 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_request_receive_expect entering: type 29
debug3: mm_request_receive entering
debug3: mm_ssh1_session_id entering
debug3: mm_request_send entering: type 30
debug3: monitor_read: checking request 30
debug3: mm_answer_sessid entering
debug2: monitor_read: 30 used once, disabling now
debug3: mm_request_receive entering
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug3: mm_getpwnamallow entering
debug3: mm_request_send entering: type 6
debug3: monitor_read: checking request 6
debug3: mm_answer_pwnamallow
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
debug3: mm_request_receive_expect entering: type 7
debug3: mm_request_receive entering
debug3: mm_start_pam entering
debug3: mm_request_send entering: type 41
[root@vml1ravid release-cp]# /usr/sbin/sshd -ddd
debug2: read_server_config: filename /etc/ssh/sshd_config
debug1: sshd version OpenSSH_3.6.1p2
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
socket: Address family not supported by protocol
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 192.168.2.129 port 4140
debug1: Client protocol version 1.5; client software version PuTTY-Release-=
0.53b
debug1: no match: PuTTY-Release-0.53b
debug1: Local version string SSH-1.99-OpenSSH_3.6.1p2
debug3: privsep user:group 74:74
debug1: permanently_set_uid: 74/74
debug1: Sent 768 bit server key and 1024 bit host key.
debug2: Network child is on pid 959
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug1: Encryption type: blowfish
debug3: mm_request_send entering: type 28
debug3: monitor_read: checking request 28
debug3: mm_request_send entering: type 29
debug2: monitor_read: 28 used once, disabling now
debug3: mm_request_receive_expect entering: type 29
debug3: mm_request_receive entering
debug3: mm_ssh1_session_id entering
debug3: mm_request_send entering: type 30
debug1: Received session key; encryption turned on.
debug3: mm_request_receive entering
debug3: monitor_read: checking request 30
debug3: mm_answer_sessid entering
debug2: monitor_read: 30 used once, disabling now
debug3: mm_request_receive entering
debug1: Installing crc compensation attack detector.
debug3: mm_getpwnamallow entering
debug3: mm_request_send entering: type 6
debug3: monitor_read: checking request 6
debug3: mm_answer_pwnamallow
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
debug3: mm_request_receive_expect entering: type 7
debug3: mm_request_receive entering
debug3: mm_start_pam entering
debug3: mm_request_send entering: type 41
debug1: Attempting authentication for testcng.
debug3: mm_auth_password entering
debug3: mm_request_send entering: type 10
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 11
debug3: mm_request_receive entering
debug3: mm_request_receive entering
debug3: monitor_read: checking request 41
debug1: Starting up PAM with username "testcng"
debug3: Trying to reverse map address 192.168.2.129.
debug1: PAM setting rhost to "chidanandgangur.pune.localdomain.com"
debug2: monitor_read: 41 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 10
debug1: PAM password authentication failed for testcng: Permission denied
debug3: mm_answer_authpassword: sending result 0
debug3: mm_request_send entering: type 11
debug3: mm_auth_password: user not authenticated
Failed none for testcng from 192.168.2.129 port 4140
debug3: mm_request_receive entering
debug3: mm_auth_password entering
debug3: mm_request_send entering: type 10
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 11
debug3: mm_request_receive entering
debug3: monitor_read: checking request 10
debug1: PAM password authentication failed for testcng: Permission denied
debug3: mm_answer_authpassword: sending result 0
debug3: mm_request_send entering: type 11
debug3: mm_auth_password: user not authenticated
Failed password for testcng from 192.168.2.129 port 4140
Failed password for testcng from 192.168.2.129 port 4140
debug3: mm_request_receive entering
Thanks,
Chidanand
On 5/13/05, Damien Miller <d...@mindrot.org> wrote:
> Chidanand Gangur wrote:
> > Hi Daimen Miller,
> >
> > I accept your disguize, but I really thought this mailing list which
> > could help me to solve the problem.
> >
> > The changes in SSHD code is only in one file i.e session.c and that
> > too it is a very simple change. The changes is just setting an
> > envoirnment variable which is just an integer.
> > I am using child_set_env function to achieve it.
> >
> > The main problem is the behaviour changes on machine to machine. On
> > some machine i get error
> >
> > PAM faulty module pam_test.so
> > PAM unable to dlopen pam_test.so
> > PAM unable to dlopen pam_deny.so
>=20
> Well, erratic behaviour like that might be indicative of a memory
> corruption problem somewhere. However, we still can't help you, because
> we can't replicate your configuration and you haven't even posted any
> debug traces.
>=20
> If you want to post and ask for help, you have to give us enough
> information to do more than guess at your problems.
>=20
> Start by sending your pam config, sshd_config, any configure options
> that you built with, details of your platform and a server debug ("sshd
> -ddd") trace.
>=20
> -d
>=20
--=20
Chidanand Gangur
Pune.
_______________________________________________
Peter Stuge
I'll chip in here, even if I'm no PAM guru.
On Wed, May 18, 2005 at 05:33:16PM +0530, Chidanand Gangur wrote:
> I have got fresh source of openssh-3.6.1p2 . I compiled it with
> --with-pam option. I have my pam_test.so .
3.6.1p2 is really old and many PAM improvements are in the latest
release 4.0p1.
> With the same set up as mentioned above I have every thing working
> fine on one of my test machines which has RH9 installed . But the
> same set up on another machine with same configuration same OS RH9
> fails to work.
>
> I get following messages :
>
> May 18 16:53:44 vml1ravid sshd: PAM unable to
> dlopen(/build/release-cp/pam_test.so)
> May 18 16:53:44 vml1ravid sshd: PAM [dlerror:
> /build/release-cp/libcmapi.so: undefined symbol: pdp_module_props]
> May 18 16:53:44 vml1ravid sshd: PAM adding faulty module:
> build/release-cp/pam_test.so
This tells me that there's a problem in your PAM module pam_test.so,
which tries to load the symbol pdp_module_props from libcmapi.so, but
that load fails.
> When I run Darrens pam-test-harness -u testcng -s sshd
> I get following response:
> conversation struct {conv=0x8048d6d, appdata_ptr=0x804b064}
> pam_start(sshd, testcng, &conv, &pamh) = 0 (Success)
>
> pam_set_item(pamh, PAM_TTY, "/dev/pts/2") = 0 (Success)
>
> pam_set_item(pamh, PAM_RHOST, "vml1ravid.pune.localdomain.com") = 0 (Success)
>
> pam_set_item(pamh, PAM_RUSER, "chidanandgangur") = 0 (Success)
>
> pam_authenticate(pamh, 0) = 6 (Permission denied)
Since I don't know PAM very well I can't say if this means that the
authentication just failed because of invalid credentials or if there
was an internal error in a PAM module.
> When I run SSHD in debug mode i get following debug messages
Looks like sshd exits or hangs abruptly. That could be a consequence
from the PAM module failing somehow, right?