5.3 -> 5 : sshd multiple log entries & login_getclass: unknown
class 'root'
Andrew Konstantinov
andrei at kableu.com
Sun Feb 6 14:29:43 PST 2005
On Sun, Feb 06, 2005 at 02:22:03PM -0800, Andrew Konstantinov wrote:
> On Sun, Feb 06, 2005 at 09:07:38PM +0000, Bjoern A. Zeeb wrote:
> > On Sun, 6 Feb 2005, Andrew Konstantinov wrote:
> >
> > > On Sun, Feb 06, 2005 at 12:29:23PM -0800, Doug White wrote:
> > > > On Sun, 6 Feb 2005, Andrew Konstantinov wrote:
> > > >
> > > > > *Possible* exact reproduction steps:
> > > > > - install RELENG_5
> > > > > - rebuild RELENG_5 with "NO_NIS=true" in /etc/make.conf
> > > > > - restart sshd service
> > > >
> > > > Sorry, no dice. I had to set "PermitRootLogin yes" in
> > > > /etc/ssh/sshd_config but logging in as root with password succeeds with no
> > > > login class warning. Upgraded from a RELENG_5 from yesterday to one about
> > > > 90 minutes old.
> > > >
> > > > What is the contents of /etc/nsswitch.conf? bz is telling me that if you
> > > > still have 'nis' in the lines in nsswitch and you compile with NO_NIS that
> > > > you'll get wierd user lookup errors.
> > > >
> > > > Also what are the contents of /etc/make.conf?
> > >
> > > #--- The nsswitch.conf:
> > > group: compat
> > > group_compat: nis
> > > hosts: files dns
> > > networks: files
> > > passwd: compat
> > > passwd_compat: nis
> > > shells: files
> > > #----------------------
> > >
> > > Hmm, I completely forgot about that one. :( I guess 'nis' should have been
> > > switched to 'files' whenever system is compiled with "NO_NIS=true".
> >
> > it's not documented - sorry, will do that.
> >
> > change it to sth like:
> >
> > group: files
> > hosts: files dns
> > networks: files
> > passwd: files
> > shells: files
> >
> > w/o this change I can see sth like this when doing passwd auth:
> >
> > 'sshd[1995]: NSSWITCH(nss_method_lookup): nis, passwd_compat, endpwent, not found'
> >
> > But I suspect this will not help with your problem.
>
> Actually, that solves all the problems. Once I switched to your version of
> nsswitch.conf, all the "unknown class" bugs and multiple logging events have
> disappeared.
I don't know if that matters but my /etc/ssh/sshd_config contains:
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM no
Andrew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20050206/3d519f5b/attachment.bin
More information about the freebsd-stable
mailing list