
Trusted systems - authentication method with QAS

 
PM Srividhya
Advisor

Trusted systems - authentication method with QAS

Dear all,

Recently we have implemented QAS (Quest Authentication system) integrated with Windows AD for identity management for our HP-UX (11.23/11.31) and Linux (RHEL/OEL) servers.

After this, we are unable to use SFTP or SCP with the new Windows AD user-id. It fails with the following error in the sshd.log:

“fatal: PAM: pam_setcred(): No account present for user”

In verbose mode I found that the authentication method invoked is keyboard-interactive, and this is the reason for the error. If I keep entering the wrong password three times, the fourth time it automatically goes to password.

Below is the verbose output:

scp -v testfile pm.srividhya@dwapps.ad@jmiddb01:/tmp
.
.
.
.

debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Password:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Password:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
pm.srividhya@dwapps.ad@jmiddb01's password:

Is there any way to make the authentication method be selected automatically as “password” after public key?

Or is there any patch available to fix this?

Regards,
Srividhya
1 REPLY
mvpel
Trusted Contributor

Re: Trusted systems - authentication method with QAS

It is your SSH client which is providing the sequence of preferred authentication methods. Look for the ssh_config PreferredAuthentications option on the system from which you're connecting:

PreferredAuthentications

Specifies the order in which the client should try protocol 2 authentication methods. This allows a client to prefer one method (e.g. keyboard-interactive) over another method (e.g. password). The default for this option is: gssapi-with-mic, hostbased, publickey, keyboard-interactive, password.
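
The client-side ordering discussed in this thread, as an added example that is not part of either post: it reads the order the client actually tried from `-v` output and builds a PreferredAuthentications value with password ahead of keyboard-interactive. The function names, the trimmed sample log and `user@host` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; auth_order, prefer_password, SAMPLE_LOG and DEFAULT_ORDER are hypothetical names.

# Constructed sample, trimmed from the scp -v output in the question.
SAMPLE_LOG='debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password'

# Client default order as quoted in the reply above.
DEFAULT_ORDER='gssapi-with-mic, hostbased, publickey, keyboard-interactive, password'

# Read ssh/scp -v output on stdin; print the methods the client tried, in order.
auth_order() {
    sed -n 's/^debug1: Next authentication method: //p' | paste -s -d, -
}

# Print the list in $1 with "password" moved directly ahead of
# "keyboard-interactive". Lists missing either method, or already in that
# order, come back unchanged (apart from stripped spaces).
prefer_password() {
    printf '%s\n' "$1" | tr -d ' ' | tr ',' '\n' | awk '
        { m[NR] = $0 }
        $0 == "password"             { p = NR }
        $0 == "keyboard-interactive" { k = NR }
        END {
            for (i = 1; i <= NR; i++) {
                if (p && k && k < p) {
                    if (i == p) continue          # emitted earlier, before k
                    if (i == k) print "password"
                }
                print m[i]
            }
        }' | paste -s -d, -
}

# One-off use (user@host is a placeholder):
#   scp -o PreferredAuthentications="$(prefer_password "$DEFAULT_ORDER")" testfile user@host:/tmp
# Per-host, in ~/.ssh/config on the connecting system:
#   Host jmiddb01
#       PreferredAuthentications publickey,password,keyboard-interactive
```

This only changes the order in which the client offers methods; the server still decides which methods are accepted.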