Bug 119676 - pam_chroot does not work with openssh
pam_chroot does not work with openssh
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: openssh (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Brian Brock
Depends On:
  Show dependency treegraph
Reported: 2004-04-01 08:30 EST by Florian Brand
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version: openssh-3.6.1p2-33.30.4
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-06-16 05:15:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Florian Brand 2004-04-01 08:30:25 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1)

Description of problem:
it is not possible to use pam_chroot with ssh.
The configuration works with a local login.
I suspect the priviledge separation code is the culprit.
See bug 98330. Could be a duplicate.

I tried to use it with the priv. sep. turned off, but still it remains.
After username and password, the login hangs.

/var/log/security states that the chdir and chroot was done sucessful.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. configure pam_chroot 
2. try to login as chrooted user

Actual Results:  ssh login hangs

Expected Results:  chrooted access

Additional info:
Comment 1 Tomas Mraz 2005-02-16 10:44:41 EST
Please try if packages from http://people.redhat.com/tmraz/testing/
work. However as they aren't official they aren't supported so use
them only for testing.
Comment 2 Tomas Mraz 2005-05-16 14:44:41 EDT
No response from the reporter.
Comment 3 Florian Brand 2005-05-16 20:51:02 EDT
(In reply to comment #2)
> No response from the reporter.

Sorry, forgot about the bugzilla update. The test version works nicely.
(both pam_chroot and password aging)

Note You need to log in before you can comment on or make changes to this bug.