HP-UX Secure Shell A.04.30.006 and A.04.30.007 Release Notes

Chapter 15
Known Problems and Workarounds
The following are the known problems and workarounds in HP-UX Secure
Shell versions A.04.30.006 and A.04.30.007:

HP-UX Secure Shell public-key user authentication fails in a server
environment if UsePAM is set to YES and pam.conf is set to PAM_LDAP.
Workaround: HP recommends the PAM_AUTHZ mechanism for HP-UX
Secure Shell environments that use public-key authentication with
PAM_LDAP-based account management.

On some systems, when a user logs out of a Secure Shell session, the
following message appears in the syslog.log file:
    pam_setcred: error Authentication failed
This error message appears only when the daemon is running in debug
mode. It is not relevant to (and does not affect) HP-UX Secure Shell
operations. The PAM function pam_setcred() generates this message.
For superusers, it occurs unconditionally. For non-superusers, it
occurs only when /usr/sbin/keyserv is not running on the server
system. In normal syslogd operation, the error message does not
appear.

A Kerberos ticket on a Secure Shell server system is inadvertently
deleted in the following scenario:
1. User U1 creates a Kerberos ticket file on a Secure Shell server
   system, S1.
2. The SSH server on S1 is set up for PAM_KERBEROS authentication.
3. User U1 now remotely connects to the SSH instance on S1 using
   public-key authentication.
4. User U1 exits.
The kinit-generated ticket file created in Step 1 is deleted when
the user exits the Secure Shell session.
Workaround: Create the Kerberos ticket file (Step 1) in a non-default
location and selectively communicate this file name to Secure Shell
processes using the KRB5CCNAME environment variable.
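
The Kerberos workaround above as a shell helper. This is an added example, not code from HP or these release notes; the function names, the $HOME/.krb5 directory, and the default cache path /tmp/krb5cc_<uid> are assumptions.

```shell
#!/bin/sh
# Added example (not from the release notes): keep the kinit ticket cache
# out of the default location and publish it through KRB5CCNAME.

# Assumption: the default file cache is /tmp/krb5cc_<uid> (MIT-style default).
default_ccache() {
    echo "/tmp/krb5cc_$(id -u)"
}

# use_ccache PATH  (hypothetical helper)
# Exports KRB5CCNAME=FILE:PATH if PATH is not the default cache and its
# directory is accessible to the owner only. Returns 1 otherwise and leaves
# KRB5CCNAME untouched.
use_ccache() {
    cc=$1
    [ -n "$cc" ] || return 1
    [ "$cc" != "$(default_ccache)" ] || return 1
    dir=$(dirname "$cc")
    if [ ! -d "$dir" ]; then
        (umask 077 && mkdir -p "$dir") || return 1
    fi
    # Reject symlinks and directories readable or writable by group/other.
    case $(ls -ld "$dir") in
        d???------*) ;;
        *) return 1 ;;
    esac
    KRB5CCNAME="FILE:$cc"
    export KRB5CCNAME
}

# Typical use, in the shell that creates the ticket in Step 1:
#   use_ccache "$HOME/.krb5/cc_$(id -u)" && kinit
#   klist    # reports the cache named by KRB5CCNAME
```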