SUMMARY: OpenSSH and Solaris PAM

From: <>
Date: Tue Sep 30 2003 - 10:26:25 EDT
Dear sun managers,

Thanks a lot to those of you who replied to my posting.
The suggestions and ideas were very good.

The winning solution came from Fergus Donohue, who pointed me at
the bug report at

The advice about setting "PasswordAuthentication no" and 
"ChallengeResponseAuthentication yes" in sshd_config made it work
with PAM and my LDAP users can log in now.
However, for LDAP to work properly, I had to modify my pam.conf slightly, 
but it is a minor change:
sshd   auth requisite
sshd   auth required 
sshd   auth sufficient
sshd   auth required  try_first_pass
sshd   account required


On Mon, 29 Sep 2003 wrote:

> Greetings,
> I wonder if anyone has succeeded in making OpenSSH 3.7.1p2 work
> properly with Solaris 9 PAM libs? 
> After I compiled and configured the OpenSSH 3.7.1p2 with PAM support
> on Solaris 9, I encounter a problem getting it to work with Solaris PAM.
> The PAM libs that used to work fine with Sun SSH no longer work with the
> OpenSSH.
> For example, I use an additional authentication PAM module to check for 
> entries in /etc/shadow in order to disallow NIS users from logging in to a NIS
> server. It works fine with Sun SSH but the OpenSSH completely ignores it.
> On the other host, which is an OpenLDAP client, the OpenSSH doesn't seem
> to work with Sun's  LDAP users can't log in via ssh.
> However, Sun SSH with the same pam.conf configuration works perfectly:
> sshd   auth      sufficient 
> sshd   auth      required
> sshd   account   sufficient
> sshd   account   required
> sshd   password  sufficient
> sshd   password  required
> In nsswitch.conf, I have 
> passwd:     files ldap
> group:      files ldap
> The OpenSSH has been configured with PAM support: 
> ./configure --use-pam ...
> When I run ldd on /usr/local/sbin/sshd, among the links, it shows 
> =>   /usr/lib/ 
> In sshd_config, I got "UsePAM yes".
> Is there anything I am missing? 
> Do I need to compile and install special PAM modules for OpenSSH?
> It looks like the sshd completely ignores whatever is in /etc/pam.conf. 
> Any suggestion or advice would be appreciated.
> Thanks,
> Alexei
Received on Tue Sep 30 10:26:21 2003
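
An added example, not part of the original post or of OpenSSH: a small shell check that an sshd_config explicitly carries the three settings named in the summary above (UsePAM yes, PasswordAuthentication no, ChallengeResponseAuthentication yes). The function names and the sample config are constructed for illustration; it relies on sshd keeping the first value it reads for a repeated keyword.

```shell
#!/bin/sh
# Needs a POSIX awk (nawk or /usr/xpg4/bin/awk on Solaris).

# Print the global value of KEYWORD ($2) in FILE ($1), or "unset".
# Keywords are case-insensitive, "#" starts a comment, "Keyword=value"
# is accepted, and the first occurrence of a keyword wins.
sshd_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); val = "unset" }
        { sub(/#.*/, ""); sub(/\r$/, ""); sub(/[ \t]*=[ \t]*/, " ") }
        NF == 0 { next }
        tolower($1) == "match" { exit }   # conditional blocks are not global
        tolower($1) == want && NF >= 2 { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# Return 0 only when FILE explicitly sets the combination from the summary.
# A keyword left unset is reported rather than guessed from defaults.
check_pam_kbdint() {
    rc=0
    for pair in UsePAM=yes PasswordAuthentication=no \
                ChallengeResponseAuthentication=yes; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(sshd_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "$key: found '$got', the working setup in the thread uses '$want'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample config (not taken from the thread).
demo=${TMPDIR:-/tmp}/sshd_config.demo.$$
cat > "$demo" <<'EOF'
UsePAM yes
passwordauthentication no            # keyword case does not matter
ChallengeResponseAuthentication yes
PasswordAuthentication yes           # ignored by sshd: first value wins
EOF
if check_pam_kbdint "$demo"; then
    echo "OK: password prompts go through PAM's challenge-response path"
fi
rm -f "$demo"
```

Run the check against the sshd_config that the running daemon was started with, since a source build such as the one in the thread may read its config from a different prefix than the vendor sshd.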
