[PAM-Auth] client connection hangs when PAM fails early

Andreas Wehrmann a.wehrmann at yandex.com
Wed Sep 6 22:23:49 AWST 2017


Hello,

I'm in the process of setting up an embedded system with PAM authentication.
I enabled PAM support in dropbear by using the "--enable-pam" option for 
./configure
and defining "#define ENABLE_SVR_PAM_AUTH" in options.h.

I then went on to see if dropbear actually makes use of PAM and judging 
from the logging output it does.

However, here's the issue:
There is no PAM config on the system yet, so the call to pam_start() 
fails and the fact is logged by dropbear.
The thing is, that dropbear doesn't send an error back afterwards, it 
seems to do nothing.
This results in the SSH client hanging around, waiting for a response.

I would expect dropbear to send some kind of (authentication) error back,
if something in the process of setting up PAM goes wrong.


Best regards,
Andreas



More information about the Dropbear mailing list