HPE Community
Operating System - HP-UX
1833433 Members
2745 Online
110052 Solutions
New Discussion

PAM & ssh A.03.61.002

 
Ruan_3
Frequent Advisor

‎01-19-2004 10:28 PM

‎01-19-2004 10:28 PM

PAM & ssh A.03.61.002

Hi all

Since upgrading to ssh A.03.61.002, we have been having problems with our PAM NTLM authentication. When logging in via SSH, the following entry is written to the syslog:

Jan 20 13:19:26 sshd[28264]: pam_ntlm: Incorrect NT password for username : vtonder

This entry appears even before the password prompt is displayed. This is not a problem for
"normal" usage, because once one enters a valid NT password at the prompt, the incorrect password attempts is cleared. But I make use of keys and the ssh agent, and when logging on to several servers simultaneously or SFTP'ing a bunch of files via FileZilla, my NT account becomes locked. This happens when providing my NT password for the SFTP sessions.

Has anyone come across a similar problem? Any advice would be greatly appreciated. I hame included the contents of /etc/smb.conf:

dtaction auth required /usr/lib/security/libpam_unix.1
dtlogin auth required /usr/lib/security/libpam_unix.1
ftp auth required /usr/lib/security/libpam_unix.1
login auth required /usr/lib/security/libpam_unix.1
sshd auth required /usr/lib/security/libpam_ntlm.1
su auth required /usr/lib/security/libpam_unix.1
OTHER auth required /usr/lib/security/libpam_unix.1

0 Kudos
Reply
5 REPLIES 5
Ruan_3
Frequent Advisor

‎01-20-2004 05:44 PM

‎01-20-2004 05:44 PM

Re: PAM & ssh A.03.61.002

Someone please respond!
0 Kudos
Reply
Robert Binkhorst
Trusted Contributor

‎01-21-2004 01:31 AM

‎01-21-2004 01:31 AM

Re: PAM & ssh A.03.61.002

Hi,

Replace your currect OTHER statement with:
OTHER password required /usr/lib/security/libpam_unix.1
linux: the choice of a GNU generation
0 Kudos
Reply
Donny Jekels
Respected Contributor

‎01-21-2004 02:19 AM

‎01-21-2004 02:19 AM

Re: PAM & ssh A.03.61.002

Try the follwoing in one of your tests.
modify the ssshd_config file.

look for an entry

UsePam yes
UseLogin yes

stay away from HP's port of a good thing.
compile OpenSSH and keep rocking...

swremove Bastile HpSureShell

good luck.
"Vision, is the art of seeing the invisible"
0 Kudos
Reply
Robert Binkhorst
Trusted Contributor

‎01-21-2004 10:39 PM

‎01-21-2004 10:39 PM

Re: PAM & ssh A.03.61.002

I disagree with Donny, not about the parameters, but about using HP's compilation of SSH. Unless you're using cutting edge technology which HP hasn't provided in their package you should use HP's version. Easy maintenance, HP releases patches, you save yourself the hassle of compiling this stuff.

Anyway, checking your config is always smart..
linux: the choice of a GNU generation
0 Kudos
Reply
Ruan_3
Frequent Advisor

‎01-21-2004 10:57 PM

‎01-21-2004 10:57 PM

Re: PAM & ssh A.03.61.002

Donny,

Should I set the parameters the values indicated? I changed the parameters to the values and restarted sshd, but I still get the same result.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.