misc/170373: after FreeBSD-SA-11:09.pam_ssh patch the pam_ssh module now requests for PAM key
Dmitry Kazarov
d.y.kazarov at mail.ru
Sat Aug 4 17:00:20 UTC 2012
>Number: 170373
>Category: misc
>Synopsis: after FreeBSD-SA-11:09.pam_ssh patch the pam_ssh module now requests for PAM key
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Aug 04 17:00:19 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Dmitry Kazarov
>Release: 9.1-PRERELEASE
>Organization:
>Environment:
FreeBSD Trudiaga.localdomain 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #0: Sun Jul 29 04:54:44 MSK 2012 root at Trudiaga.localdomain:/var/obj/usr/src/sys/GENERIC amd64
>Description:
Since revision 1.47.2.2 pam_ssh began to request a PEM password after the SSH passphrase:
FreeBSD/amd64 (Trudiaga.localdomain) (ttyv4)
login: user
SSH passphrase:
Enter PEM pass phrase:
Last login: Sat Aug 4 13:29:36 on ttyv4
And any key sequence could be specified for successful login.
This behavior breaks xscreensaver - it is no longer capable of unlocking the screen, since the request for the PEM pass is not handled by it.
>How-To-Repeat:
>Fix:
--- pam_ssh.c.orig 2011-12-11 20:57:27.000000000 +0400
+++ pam_ssh.c 2012-08-04 20:56:18.000000000 +0400
@@ -110,7 +110,7 @@
* with an empty passphrase, and if the key is not encrypted,
* accept only an empty passphrase.
*/
- key = key_load_private(fn, NULL, &comment);
+ key = key_load_private(fn, "", &comment);
if (key != NULL && !(*passphrase == '\0' && nullok)) {
key_free(key);
return (NULL);
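Review bot: The changed key_load_private() call swaps NULL for "" without recording why the two differ, and the comment above it only says "with an empty passphrase", so a later cleanup could revert it. Please extend that comment to state that the argument must be an empty string rather than NULL, and tie it to the "Enter PEM pass phrase:" prompt described in the report. The report also says any key sequence was accepted at that prompt, and the hunk ends at return (NULL) before the load with the user-supplied passphrase is visible. Please confirm with an encrypted key and a wrong passphrase that login is refused after this change, and add the steps under How-To-Repeat, which is currently empty.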
>Release-Note:
>Audit-Trail:
>Unformatted: