Subject: | |
From: | |
Reply To: | |
Date: | Mon, 23 Oct 2006 10:57:04 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Jean-Michel Barbet wrote:
> Hello,
>
> I would like to point out a risk with upgrading to openssh 3.9p1 on
> an SL3 (3.0.3) box (I think this may happen if the "contrib" repository
> is selected :
>
> Basically, the pam configuration is changed to use a new pam-loginuid
> that does not seem to be shipped with SL3 (at least before an including
> 3.0.3). As a consequency, one can no longer log on the box with ssh.
>
> If other have come accros the same problem, a word of warning might
> be useful...
>
> JM
>
Hi JM,
Thanks for reminding me about this.
This problem only arose if you enabled pam in the sshd_config file. But
if you did, then he was correct, in that you wouldn't be able to log in.
This problem has been fixed in the openssh-3.9p1-8.SL.3.19 version that
is now in the contrib area.
Also fixed is a feature that was supposed to only be in the SLF
(fermilab's) version. That was that if you AFS, and you had aklog, then
openssh would automatically do an aklog for you. For fermilab we want
this feature because everything is kerberized, and that's a feature we
want. But if you are logging in with a password, as most people using
the SL version are, then you don't have a kerberos ticket, and the aklog
is going to fail. It's not critical, but the error messages are annoying.
Anyway, this feature was turned off in the openssh-3.9p1-8.SL.3.19 (for
Scientific linux 3.0.x) and the openssh-3.9p1-8.SL.4.19 (for Scientific
Linux 4.x)
Thanks again for reporting this, I'm glad the fix was easy enough.
Troy
--
__________________________________________________
Troy Dawson [log in to unmask] (630)840-6468
Fermilab ComputingDivision/CSS CSI Group
__________________________________________________
|
|
|