Fw: Problem using pam_krb5 + sshd on Solaris
Parag Godkar
paragg at konark.ncst.ernet.in
Thu Nov 21 10:12:14 EST 2002
----- Original Message -----
From: "Parag Godkar" <paragg at konark.ncst.ernet.in>
To: "Josef Kelbler" <kelbler at vumscomp.cz>
Sent: Thursday, November 21, 2002 8:41 PM
Subject: Re: Problem using pam_krb5 + sshd on Solaris
>
> > My sshd.config differs in:
> > UsePrivilegeSeparation no
> >
> > Did you install PrivilegeSeparation ?
> > I do not and I use this option.
> >
>
> Openssh3.4p1 was installed by my colleague.
> I will be able to confirm about "privsep" tomorrow from him.
> It's 8.45 pm here in India and I am about to leave
> for home. I have already got two calls from my
> mother.
>
> But I know that my colleague did refer to the following documents
> while installing openssh -
> http://www.sunfreeware.com/openssh8.html
> http://www.sunfreeware.com/README.privsep
>
> By quickly glancing through these documents and
> finding the following entry in /etc/passwd -
>
> sshd:x:503:501:sshd dameon:/var/empty/:/bin/false
>
> and the presence of /var/empty directory on my server,
> I think we can safely conclude that my colleagure did
> use "privsep" option while configuring openssh.
>
> > >From various debugging I know euid and eguid during running pam_krb5.
> >
> > If Sshd: euid=1005 (user id who is connecting)
> > eguid=0 (group root)
> >
> > If Telnet: euid=1005
> > egid=10 (group staff)
> >
> > Can you send me /etc/group file?
> >
>
> I am attaching my /etc/group file.
>
> Bye. I will be back tomorrow to sort your
> problem if you have not already sorted it out.
> GoodLuck.
>
> By the way Openssh3.5p1 is out on
> www.sunfreeware.com .
>
> Regards,
> Parag Godkar.
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: group.dat
Type: application/octet-stream
Size: 301 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20021121/51e431ca/attachment.obj
More information about the Kerberos
mailing list