pam_ldap and openssh

by Jokke Heikkila

I found this exact same problem in the archives from 2005-12 but
didn't find the answer. The problem is that I have a (Debian) box which
is set up to authenticate against an OpenLDAP server for anybody who
sshes in. That doesn't work, since for some reason pam_ldap is supplying
a garbage password to the LDAP server. Below is a tcpdump of a simple bind
with the normal LDAP tools, and next the same when trying to log in with ssh.


debianBox:~# ldapwhoami -x -D uid=kopsuopi,cn=users,dc=kuva,dc=fi -w secret
dn:uid=kopsuopi,cn=users,dc=kuva,dc=fi
Result: Success (0)


0000  00 0a 95 a5 e7 e8 00 13  72 53 67 e9 08 00 45 00   ........ rSg...E.
0010  00 6b 0c 07 40 00 40 06  a9 66 c1 a7 80 eb c1 a7   .k..@.@. .f......
0020  80 e5 e9 79 01 85 2a e3  19 f1 51 17 f6 76 80 18   ...y..*. ..Q..v..
0030  00 2e 85 7d 00 00 01 01  08 0a b6 44 15 f5 14 45   ...}.... ...D...E
0040  0f 5d 30 35 02 01 01 60  30 02 01 03 04 23 75 69   .]05...` 0....#ui
0050  64 3d 6b 6f 70 73 75 6f  70 69 2c 63 6e 3d 75 73   d=kopsuo pi,cn=us
0060  65 72 73 2c 64 63 3d 6b  75 76 61 2c 64 63 3d 66   ers,dc=k uva,dc=f
0070  69 80 06 73 65 63 72 65  74                        i..secre t   <------ PASSWORD SENT CORRECTLY



And the dump with the same user trying to ssh in:

0000  00 0a 95 a5 e7 e8 00 13  72 53 67 e9 08 00 45 00   ........ rSg...E.
0010  00 91 6a e9 40 00 40 06  4a 5e c1 a7 80 eb c1 a7   ..j.@.@. J^......
0020  80 e5 c4 a6 01 85 aa 66  eb 87 ee 86 94 4c 80 18   .......f .....L..
0030  00 5b 85 a3 00 00 01 01  08 0a bc b8 81 ea 14 52   .[...... .......R
0040  47 2c 30 5b 02 01 03 60  37 02 01 03 04 23 75 69   G,0[...` 7....#ui
0050  64 3d 6b 6f 70 73 75 6f  70 69 2c 63 6e 3d 75 73   d=kopsuo pi,cn=us
0060  65 72 73 2c 64 63 3d 6b  75 76 61 2c 64 63 3d 66   ers,dc=k uva,dc=f
0070  69 80 0d 08 0a 0d 7f 49  4e 43 4f 52 52 45 43 54   i......I NCORRECT   <------ PASSWORD ??
0080  a0 1d 30 1b 04 19 31 2e  33 2e 36 2e 31 2e 34 2e   ..0...1. 3.6.1.4.
0090  31 2e 34 32 2e 32 2e 32  37 2e 38 2e 35 2e 31      1.42.2.2 7.8.5.1


I've been struggling with this for some time now, and any clarification
on where to look is greatly appreciated.

Jokke H.
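
Added example (not part of the original post): a small BER decoder run over the LDAP payload bytes of the two captures above, showing exactly which DN, credential and request controls each bind carried. The 13 credential bytes in the ssh capture (08 0a 0d 7f followed by "INCORRECT") are the fixed string OpenSSH's PAM code hands to PAM in place of the typed password when sshd does not treat the account as a valid login, so that value originates in sshd rather than in pam_ldap. The function and constant names are chosen for this example.

```python
# Added example: decode the LDAP payloads of the two captures above.
# LDAP starts at frame offset 0x42 (14 Ethernet + 20 IP + 32 TCP header bytes).
DN_TAIL = ("64 3d 6b 6f 70 73 75 6f 70 69 2c 63 6e 3d 75 73"
           "65 72 73 2c 64 63 3d 6b 75 76 61 2c 64 63 3d 66")
LDAPWHOAMI_HEX = ("30 35 02 01 01 60 30 02 01 03 04 23 75 69" + DN_TAIL +
                  "69 80 06 73 65 63 72 65 74")
SSH_HEX = ("30 5b 02 01 03 60 37 02 01 03 04 23 75 69" + DN_TAIL +
           "69 80 0d 08 0a 0d 7f 49 4e 43 4f 52 52 45 43 54"
           "a0 1d 30 1b 04 19 31 2e 33 2e 36 2e 31 2e 34 2e"
           "31 2e 34 32 2e 32 2e 32 37 2e 38 2e 35 2e 31")
SSHD_PLACEHOLDER = b"\b\n\r\x7fINCORRECT"  # sent by sshd's PAM code for a login it already rejects

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one BER TLV with a definite length."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def parse_simple_bind(payload):
    """Decode LDAPMessage{id, BindRequest{version, name, simple}, [controls]}."""
    tag, msg, _ = read_tlv(payload, 0)
    _, _msg_id, pos = read_tlv(msg, 0)
    bind_tag, bind, pos = read_tlv(msg, pos)
    if tag != 0x30 or bind_tag != 0x60:
        raise ValueError("not an LDAP BindRequest")
    _, _version, p = read_tlv(bind, 0)
    _, name, p = read_tlv(bind, p)
    auth_tag, cred, _ = read_tlv(bind, p)
    if auth_tag != 0x80:                   # [0] = simple (cleartext) password
        raise ValueError("not simple authentication")
    controls = []
    if pos < len(msg):                     # optional [0] Controls after the BindRequest
        _, ctrls, _ = read_tlv(msg, pos)
        q = 0
        while q < len(ctrls):
            _, ctrl, q = read_tlv(ctrls, q)
            controls.append(read_tlv(ctrl, 0)[1].decode())  # first field is the control OID
    return {"dn": name.decode(), "password": cred,
            "sshd_placeholder": cred == SSHD_PLACEHOLDER, "controls": controls}

if __name__ == "__main__":
    for label, hexdump in (("ldapwhoami", LDAPWHOAMI_HEX), ("ssh login", SSH_HEX)):
        print(label, parse_simple_bind(bytes.fromhex(hexdump)))
```

The control OID in the ssh bind, 1.3.6.1.4.1.42.2.27.8.5.1, is the LDAP password policy request control; the first place to check on the client is whether `getent passwd kopsuopi` resolves the account.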