search for: pam_sm_authenticate

Displaying 20 results from an estimated 110 matches for "pam_sm_authenticate".

2014 Jul 29
0
PAM and YubiKeys
...:parse_cfg(778)] yubi_attr_prefix=(null) [../pam_yubico.c:parse_cfg(779)] url=(null) [../pam_yubico.c:parse_cfg(780)] capath=(null) [../pam_yubico.c:parse_cfg(781)] token_id_length=12 [../pam_yubico.c:parse_cfg(782)] mode=client [../pam_yubico.c:parse_cfg(783)] chalresp_path=(null) [../pam_yubico.c:pam_sm_authenticate(823)] get user returned: jack [../pam_yubico.c:pam_sm_authenticate(929)] conv returned 44 bytes [../pam_yubico.c:pam_sm_authenticate(947)] Skipping first 0 bytes. Length is 44, token_id set to 12 and token OTP always 32. [../pam_yubico.c:pam_sm_authenticate(954)] OTP: ccccccbcitfdueencldivbcjvghv...
2005 Nov 11
0
pam_krb5 pam_sm_authenticate question
...am_krb5 this was OK. I didn't need to have AD users in my local /etc/passwd for authentication to be successful. This is not possible using FreeBSD's pam_krb5.so because of the getpwnam in the authentication function of pam_krb5.c. I'm not trying to build a bikeshed but shouldn't pam_sm_authenticate verify the password and pam_sm_acct_mgmt verify that the user has a local account? If this were the case then you could setup other services like ftp and such to use pam_krb5 for AD authentication. -Corey Smith
2015 Sep 28
4
[Bug 2475] New: Login failure when PasswordAuthentication, ChallengeResponseAuthentication, and PermitEmptyPasswords are all enabled
https://bugzilla.mindrot.org/show_bug.cgi?id=2475 Bug ID: 2475 Summary: Login failure when PasswordAuthentication, ChallengeResponseAuthentication, and PermitEmptyPasswords are all enabled Product: Portable OpenSSH Version: 7.1p1 Hardware: ix86 OS: Linux Status: NEW
2018 Feb 12
3
FreeBSD Core dump: PAM authentication with Kerberos credentials (GSSAPI_MIT)
...utput below, my explanation of the backtrace is below (cronological order / newest item last): - Dovecot had successfully performed pam_start(), the necessary pam_set_item(), and called pam_authenticate(pamh, 0) https://github.com/dovecot/core/blob/2.2.33.2/src/auth/passdb-pam.c#L158 - PAM called pam_sm_authenticate() in /usr/lib/libpam/modules/pam_krb5/pam_krb5.c which successfully got the user, ruser, service, principal, password, checked local user, and then ran krb5_get_init_creds_opt_set_default_flags https://github.com/freebsd/freebsd/blob/master/lib/libpam/modules/pam_krb5/pam_krb5.c#L242 - Heimdal krb...
2018 Feb 12
0
FreeBSD Core dump: PAM authentication with Kerberos credentials (GSSAPI_MIT)
...backtrace is below > (cronological order / newest item last): > > - Dovecot had successfully performed pam_start(), the necessary > pam_set_item(), and called pam_authenticate(pamh, 0) > https://github.com/dovecot/core/blob/2.2.33.2/src/auth/passdb-pam.c#L158 > > - PAM called pam_sm_authenticate() in > /usr/lib/libpam/modules/pam_krb5/pam_krb5.c which successfully got the > user, ruser, service, principal, password, checked local user, and then ran > krb5_get_init_creds_opt_set_default_flags > https://github.com/freebsd/freebsd/blob/master/lib/libpam/modules/pam_krb5/pam_krb5.c...
2010 Jul 20
5
Record Failed Passwords
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi OpenSSH'ers, I am emailing you to ask is it possible to record failed passwords attempts and log them to syslog? Are there patches available for this? Has anyone managed to do this before? Are there alternitive methods? Many Thanks, A - -- Alan Neville, Postgraduate Education Officer, DCU Students' Union 2009/2010, BS.c Computer
2004 Nov 09
1
Solaris + PAM/LDAP + pubkey failing?
...ering Nov 9 10:00:07 sshserver sshd[27977]: [ID 384020 auth.debug] PAM[27977]: pam_set_item(7f6e8:conv) Nov 9 10:00:07 sshserver sshd[27977]: [ID 225850 auth.debug] PAM[27977]: pam_authenticate(7f6e8, 1) Nov 9 10:00:07 sshserver sshd[27977]: [ID 348363 auth.debug] PAM[27977]: load_modules(7f6e8, pam_sm_authenticate)=/usr/lib/security/pam_authtok_get.so.1 Nov 9 10:00:07 sshserver sshd[27977]: [ID 258498 auth.debug] PAM[27977]: load_function: successful load of pam_sm_authenticate Nov 9 10:00:07 sshserver sshd[27977]: [ID 348363 auth.debug] PAM[27977]: load_modules(7f6e8, pam_sm_authenticate)=/usr/lib/securit...
2012 Apr 17
0
Problems with samba as PDC
...Password Password: Wrong Password Password: Wrong Password Permission denied (publickey,keyboard-interactive). [testme at hp1 ~]$ And from the logs on the system dt0 [root at dt0 /var/log]# tail debug.log Apr 16 12:17:08 dt0 sshd[80774]: pam_winbind(sshd): [pamh: 0x80300b840] LEAVE: pam_sm_authenticate returning 9 (PAM_AUTH_ERR) Apr 16 12:42:39 dt0 sshd[81031]: pam_winbind(sshd): [pamh: 0x80300b840] ENTER: pam_sm_authenticate (flags: 0x0001) Apr 16 12:42:39 dt0 sshd[81031]: pam_winbind(sshd): getting password (0x00004001) Apr 16 12:42:42 dt0 sshd[81031]: pam_winbind(sshd): [pamh: 0x80300b840]...
2002 Mar 26
2
SSH / PAM / Kerberos / password aging
Ok, so, things are complicated. The PAM standard insists on password aging being done after account authorization, which comes after user authentication. Kerberos can't authenticate users whose passwords are expired. So PAM_KRB5 implementations tend to return PAM_SUCCESS from pam_krb5:pam_sm_authenticate() and arrange for pam_krb5:pam_sm_acct_mgmt() to return PAM_NEW_AUTHTOK_REQD, as required by PAM even though the user can't be said to be authenticated at that point. The problem with this is that by the time pam_acct_mgmt() is called in OpenSSH userauth has been completed, so kbd-interactive...
2013 Dec 03
2
winbind when machine account is not allowed to read users from ad
...* : backend = tdb valid users = %U /var/log/auth.log: login[739]: pam_unix(login:auth): check pass; user unknown login[739]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty2 ruser= rhost= login[739]: pam_winbind(login:auth): [pamh: 0x190d460] ENTER: pam_sm_authenticate (flags: 0x0000) login[739]: pam_winbind(login:auth): getting password (0x00004389) login[739]: pam_winbind(login:auth): pam_get_item returned a password login[739]: pam_winbind(login:auth): Verify user 'USER' login[739]: pam_winbind(login:auth): PAM config: krb5_ccache_type 'FILE' l...
2009 Apr 24
0
Winbind errors result in no logins!
...5:15 LINUX-1 httpd2-prefork: pam_winbind(httpd): pam_winbind_request: read from socket failed! Apr 24 10:55:15 LINUX-1 httpd2-prefork: pam_winbind(httpd): internal module error (retval = 3, user = 'NA\nda') Apr 24 10:55:15 LINUX-1 httpd2-prefork: pam_winbind(httpd): [pamh: 0xa0c91c0] LEAVE: pam_sm_authenticate returning 3 Apr 24 10:55:17 LINUX-1 httpd2-prefork: pam_winbind(httpd): pam_winbind_request: read from socket failed! Apr 24 10:55:17 LINUX-1 httpd2-prefork: pam_winbind(httpd): internal module error (retval = 3, user = 'na\sja') Apr 24 10:55:17 LINUX-1 httpd2-prefork: pam_winbind(httpd): [...
2004 Jan 30
0
RE: Back to 3.0.1, Winbind and Solaris 9 (Mike Dorofeev )
...ve the patch installed. I can't > > think what else the problem could be. > > > > I can't see what happens after I type in my password. Pamlog looks > > like this - > > > > Jan 29 11:28:27 sun001 login: [ID 634615 auth.debug] > > pam_authtok_get:pam_sm_authenticate: flags = 0 > > Jan 29 11:28:31 sun001 login: [ID 378613 auth.debug] pam_dhkeys: > > user ganguly not found Jan 29 11:28:31 sun001 login: [ID 896952 > > auth.debug] > > pam_unix_auth: entering > > pam_sm_authenticate() > > Jan 29 11:28:31 sun001 login: [ID 21934...
2008 Feb 27
0
authenticating a linux samba client to a win2k domain
...il_sid.c:string_to_sid(242) string_to_sid: Sid S-0-0 is not in a valid format. [2008/01/14 16:22:12, 0] nsswitch/winbindd_util.c:trustdom_recv(268) Got invalid trustdom response Which results in a bad authentication: /var/log/pam.log Jan 14 16:29:03 sandbox pam_winbind[2632]: pam_winbind: pam_sm_authenticate (flags: 0x0000) Jan 14 16:29:07 sandbox pam_winbind[2632]: Verify user `testuser' Jan 14 16:29:17 sandbox pam_winbind[2632]: request failed: NT_STATUS_IO_TIMEOUT, PAM error was System error (4), NT error was NT_STATUS_IO_TIMEOUT Jan 14 16:29:17 sandbox pam_winbind[2632]: internal module err...
2007 Aug 14
0
Winbind fails to refresh Kerberos tickets (3.0.25b - Fedora Core 5) - 2nd Try
...sufficient pam_winbind.so krb5_auth krb5_ccache_type=FILE debug session required pam_unix.so /var/log/secure: [The ticket expired during the night between these log events] ug 9 16:39:44 pc15 gnome-screensaver-dialog: pam_winbind(gnome-screensaver:auth): [pamh: 0x0061b220] ENTER: pam_sm_authenticate (flags: 0x0000) Aug 9 16:39:44 pc15 gnome-screensaver-dialog: pam_winbind(gnome-screensaver:auth): getting password (0x00000191) Aug 9 16:39:44 pc15 gnome-screensaver-dialog: pam_winbind(gnome-screensaver:auth): pam_get_item returned a password Aug 9 16:39:44 pc15 gnome-screensaver-dialog: pa...
2008 Jan 14
1
Authenticating a linux samba client to a win2k domain
...util_sid.c:string_to_sid(242) string_to_sid: Sid S-0-0 is not in a valid format. [2008/01/14 16:22:12, 0] nsswitch/winbindd_util.c:trustdom_recv(268) Got invalid trustdom response Which results in a bad authentication: /var/log/pam.log Jan 14 16:29:03 sandbox pam_winbind[2632]: pam_winbind: pam_sm_authenticate (flags: 0x0000) Jan 14 16:29:07 sandbox pam_winbind[2632]: Verify user `testuser' Jan 14 16:29:17 sandbox pam_winbind[2632]: request failed: NT_STATUS_IO_TIMEOUT, PAM error was System error (4), NT error was NT_STATUS_IO_TIMEOUT Jan 14 16:29:17 sandbox pam_winbind[2632]: internal module err...
2004 Jan 30
0
RE: Back to 3.0.1, Winbind and Solaris 9 (Mike Dorofe ev )
...the patch installed. I can't > > think what else the problem could be. > > > > I can't see what happens after I type in my password. Pamlog looks > > like this - > > > > Jan 29 11:28:27 sun001 login: [ID 634615 auth.debug] > > pam_authtok_get:pam_sm_authenticate: flags = 0 > > Jan 29 11:28:31 sun001 login: [ID 378613 auth.debug] pam_dhkeys: > > user ganguly not found Jan 29 11:28:31 sun001 login: [ID 896952 > > auth.debug] > > pam_unix_auth: entering > > pam_sm_authenticate() > > Jan 29 11:28:31 sun001 login: [ID 219349...
2009 Mar 13
1
PAM_WINBIND problem with sambaPwdMustChange
...nt pam_unix.so nullok obscure md5 password required pam_winbind.so session optional pam_unix.so session optional pam_winbind.so session optional pam_mkhomedir.so skel=/etc/skel/ umask=077 Debug PAM: pam_winbind(gdm:auth): [pamh: 0x88bcf70] ENTER: pam_sm_authenticate (flags: 0x0000) pam_winbind(gdm:auth): getting password (0x00000181) pam_winbind(gdm:auth): Verify user 'sachs' pam_winbind(gdm:auth): CONFIG file: krb5_ccache_type 'FILE' pam_winbind(gdm:auth): enabling krb5 login flag pam_winbind(gdm:auth): enabling request for a FILE krb5 cc...
2008 Jan 20
1
winbind forced password change requires interactive shell
...;ve also tried running pam_winbind with debugging. When logging in non-interactively, I'll get: sshd[12345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost.localdomain user=user2 sshd[12345]: pam_winbind(sshd:auth): [pamh: 0x12345678] ENTER: pam_sm_authenticate (flags: 0x0001) sshd[12345]: pam_winbind(sshd:auth): getting password (0x00000011) sshd[12345]: pam_winbind(sshd:auth): pam_get_item returned a password sshd[12345]: pam_winbind(sshd:auth): Verify user 'user2' sshd[12345]: pam_winbind(sshd:auth): request failed: Must change password, PAM er...
2010 Sep 09
3
winbind authentification trouble
...ctions = yes | idmap uid = 10000-20000 | idmap gid = 10000-20000 | template shell = /bin/bash | winbind enum groups = yes | winbind enum users = yes | winbind use default domain = yes and if someone tries to login, I get: | [...] sshd[19524]: pam_winbind(sshd:auth): [pamh: 0x7f4a5dd15040] ENTER: pam_sm_authenticate (flags: 0x0001) | [...] sshd[19524]: pam_winbind(sshd:auth): getting password (0x00000011) | [...] sshd[19524]: pam_winbind(sshd:auth): pam_get_item returned a password | [...] sshd[19524]: pam_winbind(sshd:auth): Verify user 'sfroehli' | [...] sshd[19524]: pam_winbind(sshd:auth): request f...
2017 Mar 13
1
pam_winbind with trusted domain
...MREMOTE\\\\testuser from 192.168.1.1 port 44848 ssh2 [preauth] sshd[9569]: pam_unix(sshd:auth): check pass; user unknown sshd[9569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.1 sshd[9569]: pam_winbind(sshd:auth): [pamh: 0x7fc74c2cad40] ENTER: pam_sm_authenticate (flags: 0x0001) sshd[9569]: pam_winbind(sshd:auth): [pamh: 0x7fc74c2cad40] STATE: ITEM(PAM_SERVICE) = "sshd" (0x7fc74c2c9380) sshd[9569]: pam_winbind(sshd:auth): [pamh: 0x7fc74c2cad40] STATE: ITEM(PAM_USER) = "DOMREMOTE\testuser" (0x7fc74c2c9fe0) sshd[9569]: pam_winbind(sshd:aut...