[HPADM] SUMMARY openssh and HP-UX 11i trusted system

From: Peter van Eck (pveck@advalvas.be)
Date: Wed Mar 05 2003 - 03:24:51 EST


Well, not much of a summary, as in finding a solution for the original
problem.
I did get a reply from C. Beerse pointing me in the direction of a
multi-host environment setup and authentication was done by an NIS+ server
or Kerberos or Windows 2000 NT KDC or even LDAP.
This wasn't the case. All authentication is done locally on the machine.
Conclusion so far is that sshd is NOT able to authenticate with a
trusted system's password file (tcb) structure.
How it authenticates the root account, I still haven't figured that out.
What possibly will make it work is porting openssh to HP-UX with PAM
enabled so that it includes the pam security libraries that come with
ssh (/etc/pam.d/sshd/). I'm not sure if that will work on HP-UX.
I didn't go into this. Due to lack of time I decided to untrust the
system and sshd is back to its old level of operating.
sshd wasn't the only reason for me to go back to untrusted; IBM's
Websphere Application Server with UDB7.2 failed starting up due to user
authentication failure as well. Just for your information.

rgds,

Peter

Hi admins,

To revisit the openssh running on trusted systems I have the following
to report.

HP-UX 11i
openssh 3.5p1
I installed the binary depot for openssh.
Using mostly all default settings in sshd_config.
Just switched X11 forwarding to yes.
Now I can log in as root; however, when I (try to) log in with a regular
user account it fails and I get this error logged in syslog.log:

sshd [22442]: accepted password for informix from 10.100.231.17 port 33164 ssh2
sshd[22444]: fatal: PAM session setup failed[33]:General Commercial Security error

Anyone experienced this before? Any suggestions? Compile openssh from
source with pam enabled?

rgds,

Peter

--
             ---> Please post QUESTIONS and SUMMARIES only!! <---
        To subscribe/unsubscribe to this list, contact majordomo@dutchworks.nl
       Name: hpux-admin@dutchworks.nl     Owner: owner-hpux-admin@dutchworks.nl
Archives:  ftp.dutchworks.nl:/pub/digests/hpux-admin       (FTP, browse only)
            http://www.dutchworks.nl/htbin/hpsysadmin   (Web, browse & search)


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 11:02:26 EDT