current-users: Re: ssh prompts passwd twice

Subject: Re: ssh prompts passwd twice
To: Dick Davies <rasputnik@hellooperator.net>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: current-users
Date: 03/10/2005 15:56:23

On Thu, Mar 10, 2005 at 12:03:02PM +0000, Dick Davies wrote:
> > I also noticed that what is entered at the first prompt doesn't matter:
> > it can be the right passwd, any string or an empty string, the first one
> > always fail, the second one behaves as expected
> 
> I smell PAM.

Yes

> What does /etc/pam.d/sshd look like?

It's the one installed on the systemp by default. I didn't change anything
in /etc/pam.d/.

# $NetBSD: sshd,v 1.4 2005/02/27 03:40:14 thorpej Exp $
#
# PAM configuration for the "sshd" service
#

# auth
auth            required        pam_nologin.so          no_warn
auth            sufficient      pam_krb5.so             no_warn try_first_pass
auth            sufficient      pam_ssh.so              no_warn try_first_pass
auth            required        pam_unix.so             no_warn try_first_pass

# account
account         required        pam_krb5.so
account         required        pam_login_access.so
account         required        pam_unix.so

# session
session         optional        pam_ssh.so
session         required        pam_permit.so

# password
password        sufficient      pam_krb5.so             no_warn try_first_pass
password        required        pam_unix.so             no_warn try_first_pass


-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 26 ans d'experience feront toujours la difference
--