[Info-vax] ssh problem with Multinet 5,3/Itanium

[danoreilly]

On Jan 11, 8:59 am, Malcolm Dunnett <noth... at spammers.are.scum> wrote:
> danoreilly wrote:
> > LDAP-PLUGIN is far from a "placeholder".  When used with our VMS
> > Authentication
> > Module (VAM), it enables full LDAP authentication with any LDAP V3
> > server, which
>
> I certainly didn't mean to cast any aspersions on VAM. It appears to be
> a very versatile product. Unfortunately it's overkill for our
> application and it's an extra cost above the standard Multinet license fee.
>
> What I meant by "placeholder" was that without installing VAM the
> LDAP-PLUGIN module provided with Multinet doesn't do anything

That's correct.

> > >> SSHD 0001[3CC0043E]: FATAL:
> >> DISK$MULTINET_V53_A:[MULTINET_V53A.MULTINET.SSH6.LIB.SSHUTIL.SSHADT]SSHADT.C;1:672
> >> SshADT (function name
> >>   unavailable) Precondition failed: container != ((void *) 0)
> >>    dunnett      job terminated at  8-JAN-2010 19:22:57.74
>
> >> and the SSHD_MASTER.LOG file on the IA64 contains:
>
> >> log: (08-Jan-2010 19:22:53)  Connection accepted from 142.25.103.71 port
> >> 3472
> >> log: (08-Jan-2010 19:22:53)  Executing ssh2 daemon
> >> log: (08-Jan-2010 19:22:53)  Child process started, pid = 3cc0043e
> >> (total active = 1)
> >> log: (08-Jan-2010 19:22:57)  Child process: 3CC0043E terminated (0 remain)
> >> log: (08-Jan-2010 19:22:57)    exit status: %SYSTEM-?-ILLPAGCNT, illegal
> >> page count parameter
>
> > This is something I'm aware of and am looking for a solution.  It's a
> > very rare
> > occurrence (only a very few customers have ever seen this).   If you
> > can make
> > it happen at will, it would be of great help in researching this
> > problem.
>
>    It appears my routine reproduces the error at will. I can send you my
> authentication program and SSHD configuration information if you'd like.

I'll be happy to take a look at it and see if it helps, thanks.

> > KEYBOARD-INTERACTIVE has been supported by MutliNet SSH for several
> > years now.
>
>    When I asked support about this several years ago I was told it was
> unsupported. Perhaps what's not supported is specifying a user-written
> plug-in that implements keyboard-interactive? I couldn't find any
> documentation on how to do this, it was only by poking around that I
> found that replacing LDAP-PLUGIN with my own module that implemented the
> standard keyboard-interactive that I found I could make it work.

Well, certainly reverse-engineering the process is unsupported,
inasmuch as we don't guarantee
something in the future won't change in the protocol, and also that we
obviously can't support
user-written interfaces to the server.  I suspect that's what the
answer you received referred to.