Ubuntu
openssh package

  1. Bug #9936
  2. Comment #0

Comment 0 for bug 9936

Revision history for this message
In , Joan Carles Soler (joan-soler) wrote :

Package: ssh
Version: 1:3.8.1p1-8.sarge.2
Severity: grave
Justification: renders package unusable
Tags: security

if i include pam_access module i get unresolved simbols and i
coudn't
loguin. This is a severity problem for as
because whe have ours users in a ldap directori and only the users
of
a specified group whoud acces the server.

---
auth.log----------------------------------------------------------
--------------------
Nov 5 09:27:40 emsrv sshd[2678]: PAM unable to resolve symbol:
pam_sm_authenticate
Nov 5 09:27:40 emsrv sshd[2678]: PAM unable to resolve symbol:
pam_sm_setcred
Nov 5 09:27:45 emsrv sshd[2678]: error: PAM: Module is unknown for
jsoler from emsrv

--- /etc/pam.d/ssh
---------------------------------------------------
--------------------
# PAM configuration for the Secure Shell service

# Disallow non-root logins when /etc/nologin exists.
auth required pam_nologin.so

# Read environment variables from /etc/environment and
# /etc/security/pam_env.conf.
auth required pam_env.so # [1]

# Standard Un*x authentication.
auth required pam_access.so
@include common-auth

# Standard Un*x authorization.
@include common-account

# Standard Un*x session setup and teardown.
@include common-session

# Print the message of the day upon successful login.
session optional pam_motd.so # [1]

# Print the status of the user's mailbox upon successful login.
session optional pam_mail.so standard noenv # [1]

# Set up user limits from /etc/security/limits.conf.
session required pam_limits.so
# Standard Un*x password updating.
@include common-password

--- /etc/security/access.conf
----------------------------------------
-------------------------------------
# Sols es poden connectar el usuaris autoritzats
# Joan Carles Soler 18/10/2001
+: root :ALL
+: pharusuv-l :ALL
+: insauv-l :ALL
+: scsiuv-l :ALL
#+: siuv-l :ALL
+: emsrv :ALL
-: ALL EXCEPT LOCAL:ALL
----------------------------------------------------------------------
---------
NOTE: pharusuv-l insauv-l scsiuv-l ... are groups in our ldap system
too

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (101, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.5-1-686-smp
Locale: LANG=es_ES@euro, LC_CTYPE=es_ES@euro (ignored: LC_ALL set to
es_ES@euro)

Versions of packages ssh depends on:
ii adduser 3.59 Add and remove users
and
groups
ii debconf 1.4.30.8 Debian configuration
management sy
ii dpkg 1.10.23 Package maintenance
system for Deb
ii libc6 2.3.2.ds1-18 GNU C Library: Shared
libraries an
ii libpam-modules 0.76-22 Pluggable
Authentication
Modules f
ii libpam-runtime 0.76-22 Runtime support for the
PAM librar
ii libpam0g 0.76-22 Pluggable
Authentication
Modules l
ii libssl0.9.7 0.9.7d-5 SSL shared libraries
ii libwrap0 7.6.dbs-6 Wietse Venema's TCP
wrappers libra
ii zlib1g 1:1.2.2-1 compression library -
runtime

-- debconf information:
  ssh/insecure_rshd:
  ssh/privsep_ask: true
* ssh/user_environment_tell:
* ssh/forward_warning:
  ssh/insecure_telnetd:
  ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/SUID_client: true
  ssh/disable_cr_auth: false
* ssh/privsep_tell:
  ssh/ssh2_keys_merged:
* ssh/protocol2_only: true
  ssh/encrypted_host_key_but_no_keygen:
* ssh/run_sshd: true