[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
system/2186: libexec/auth/login* not build in 2.9-STABLE
- To: gnats@openbsd.org
- Subject: system/2186: libexec/auth/login* not build in 2.9-STABLE
- From: ry04@rz.uni-karlsruhe.de
- Date: Mon, 19 Nov 2001 15:29:11 +0100 (CET)
- Resent-Date: Mon, 19 Nov 2001 07:30:03 -0700 (MST)
- Resent-From: gnats@cvs.openbsd.org (GNATS Management)
- Resent-Message-Id: <200111191430.fAJEU3jP003144@cvs.openbsd.org>
- Resent-Reply-To: gnats@cvs.openbsd.org, ry04@rz.uni-karlsruhe.de
- Resent-To: bugs@cvs.openbsd.org
>Number: 2186
>Category: system
>Synopsis: /usr/libexec/auth/login* ar missing and causing login failueres
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bugs
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Nov 19 07:30:02 MST 2001
>Last-Modified:
>Originator: Christoph Moench-Tegeder
>Organization:
University of Karlsruhe, Computing Centre
>Release: OpenBSD-2.9-STABLE i386 (Nov 18 2001), OpenSSH_3.0.1
>Environment:
System : OpenBSD 2.9
Architecture: OpenBSD.i386
Machine : i386
>Description:
In src/libexec/Makefile, the definition of SUBDIR lacks the entries for
login_chpass login_kerberos login_krb-or-pwd login_lchpass login_passwd
login_reject login_skey login_token. So /usr/libexec/auth/ remains
empty and you can't login via ssh with password-authentication.
sshd send the following line to syslog (/var/log/auth.log):
sshd[627]: /usr/libexec/auth/login_krb-or-pwd: path not secure
(the error comes from secure_path(3)). SSH with DSA-keys still works.
Other ways to login may be affected, too, but I had no chance of
testing that.
/usr/src/libexec/Makefile is version
$OpenBSD: Makefile,v 1.17 2000/09/07 04:02:33 rahnds Exp $
/usr/src/usr.bin/ssh/sshd.c is version
$OpenBSD: sshd.c,v 1.195.2.3 2001/11/15 22:51:15 miod Exp $
>How-To-Repeat:
ssh to an OpenBSD-2.9-Stable build at or after Nov 18 2001 (sshd 3.0.1),
use password as authentication, you get "permission denied" and
the line mentioned above in /var/log/auth.log.
>Fix:
I applied the following patch to /usr/src/libexec/Makefile, then
make && sudo make install in /usr/src/libexec and everything was
fine again.
--- Makefile.orig Mon Nov 19 15:01:28 2001
+++ Makefile Mon Nov 19 15:02:14 2001
@@ -6,7 +6,9 @@
SUBDIR= atrun comsat fingerd ftpd getNAME getty identd lockspool \
mail.local makewhatis rexecd rlogind rshd \
rpc.rquotad rpc.rstatd rpc.rusersd rpc.rwalld rpc.sprayd \
- talkd tcpd telnetd tftpd uucpd smtpd
+ talkd tcpd telnetd tftpd uucpd smtpd \
+ login_chpass login_kerberos login_krb-or-pwd login_lchpass \
+ login_passwd login_reject login_skey login_token
.if (${YP:L} == "yes")
SUBDIR+=rpc.yppasswdd
>Audit-Trail:
>Unformatted: