Jean-Michel Barbet wrote:
> Hello,
> 
> I would like to point out a risk with upgrading to openssh 3.9p1 on
> an SL3 (3.0.3) box (I think this may happen if the "contrib" repository
> is selected :
> 
> Basically, the pam configuration is changed to use a new pam-loginuid
> that does not seem to be shipped with SL3 (at least before an including
> 3.0.3). As a consequency, one can no longer log on the box with ssh.
> 
> If other have come accros the same problem, a word of warning might
> be useful...
> 
> JM
> 

Hi JM,
Thanks for reminding me about this.

This problem only arose if you enabled pam in the sshd_config file.  But 
if you did, then he was correct, in that you wouldn't be able to log in.

This problem has been fixed in the openssh-3.9p1-8.SL.3.19 version that 
is now in the contrib area.
Also fixed is a feature that was supposed to only be in the SLF 
(fermilab's) version.  That was that if you AFS, and you had aklog, then 
openssh would automatically do an aklog for you.  For fermilab we want 
this feature because everything is kerberized, and that's a feature we 
want.  But if you are logging in with a password, as most people using 
the SL version are, then you don't have a kerberos ticket, and the aklog 
is going to fail.  It's not critical, but the error messages are annoying.
Anyway, this feature was turned off in the openssh-3.9p1-8.SL.3.19 (for 
Scientific linux 3.0.x) and the openssh-3.9p1-8.SL.4.19 (for Scientific 
Linux 4.x)

Thanks again for reporting this, I'm glad the fix was easy enough.
Troy
-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/CSS  CSI Group
__________________________________________________