After installing VAS, users will sometimes not be able to log onto the machine via SSH while being successful with other authentication methods or services. Also, vastool will be able to correctly list user and is fully functional.
Possible causes for this problem are:
- SSH Daemon needs to be restarted.
- SSH Daemon does not support PAM authentication.
The first, and easiest, thing to try when facing this situation would be to restart your SSH daemon. This will make sure that sshd is able to properly communicate and interact with VAS. There are many ways of being accomplishing this. In Solaris 10, for example, use the command: "$ svcadm restart ssh". For other Unix / Linux distributions you can use the rc scripts, which is the most common method, like so: "$ /etc/init.d/sshd restart" (The path to the script may vary on your environment).
The second thing would be to verify that the version of SSH daemon in use is PAM enabled. This can be checked by executing the command: "$ ldd <path_to_your_sshd> | grep pam". If sshd supports pam "libpam.so.0" or something simliar should show in the output. If PAM is supported, to configured sshd to use PAM execute the command: "$ /opt/quest/bin/vastool configure pam sshd" followed by "$ /opt/quest/bin/vastool configure pam ssh". The SSH service will now have to be restarted (some suggestion on how to do it have been provided above in this solution).
If your sshd doesn't not support PAM you will need to upgrade to a current version of sshd, up to date releases of sshd typically will come with PAM support enabled.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center