System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

PAM_TEXT_INFO with T1471AA Secure Shell on Trusted Mode?

 
Highlighted
Trusted Contributor

PAM_TEXT_INFO with T1471AA Secure Shell on Trusted Mode?

Hi folks,

I'm getting ready to do some more serious digging, but I was hoping someone might have run into this before and could lend a hand.

I have HP Secure Shell A.05.20.013 running on an untrusted HP-UX 11.11 system, and it displays the PAM text info message from my PAM module with no problem.

I have both this version, the next newer, and the latest available version running on a collection of Trusted Mode systems, and nothing at all shows up, even though the PAM module reports that the message was sent successfully, and a tusc of the sshd process shows the message arriving - it just never gets delivered to the user by the sshd. UsePAM is set to "yes," of course.

The sshd in debug mode shows "sshpam_store_conv called with 1 messages", so there's definitely something going on.

The "ShowLastLog" option also fails to work as expected in Trusted Mode systems, so I'm wondering if this might be a related issue - perhaps there's some issue with interaction between T1471AA and Trusted Mode? Does privilege separation need to be disabled from Trusted systems, maybe?
4 REPLIES 4
Highlighted
Trusted Contributor

Re: PAM_TEXT_INFO with T1471AA Secure Shell on Trusted Mode?

How interesting...

I recompiled the sshd from the T1471AA A.05.50.013 /opt/ssh/src directory with no changes to the source code other than adding a debug3() line and fixing a couple of build problems, and the messages appear just fine now.

So it would appear that there's a problem in the way in which T1471AA is built that is resulting in dropped PAM messages.

My configure was run as:

configure --prefix=/opt/ssh --with-pam --with-ipaddr-display

I had to add "-lpthread" to LIBS and cipher-ctr-mt.o to LIBSSH_OBJS in the Makefile to get a successful build, and run "make sshd" to avoid a problem building one of the man pages.

Then:

/opt/ssh/src/ssh/sshd -p 10 -ddd

... on the server and:

ssh -p 10

... on the client, and voila, the PAM_TEXT_INFO messages appeared with no problem.
Highlighted
Trusted Contributor

Re: PAM_TEXT_INFO with T1471AA Secure Shell on Trusted Mode?

Case 4620912627 open in GCC - Unix Networking.
Highlighted
Trusted Contributor

Re: PAM_TEXT_INFO with T1471AA Secure Shell on Trusted Mode?

Turns out that the problem was a different home directory on the trusted vs untrusted systems - on the trusted system I had a ".hushlogin" file that I'd forgotten about which was blocking the display of the lastlog information and the PAM_TEXT_INFO messages.
Highlighted
Trusted Contributor

Re: PAM_TEXT_INFO with T1471AA Secure Shell on Trusted Mode?

.