similar to: SSHD does not cleanup kerberos ticket while root logins

this is the proposed gssapi diff against OpenSSH-current (non-portable). note: if this goes in, the old krb5 auth (ssh.com compatible) will be removed. please comment. jakob Index: auth.h =================================================================== RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v retrieving revision 1.1.1.2 retrieving revision 1.3 diff -u -r1.1.1.2 -r1.3 --- auth.h

Dear Samba support team, I have a question on Samba 3.5.8 please, which is not solved by searching the forums. I tried all suggested solutions, but nothing take effect. Situation: - small public school - We have Ubuntu Server 11.04 64-bit - Samba 3.5.8 as PDC - Windows XP and Windows 7 Pro SP1 clients - On Windows XP everything works. Login is quick and reliable there. Problem: But

Hi guys While debugging a GSSAPI memory allocation problem not related to OpenSSH, I found a memory leak in OpenSSH when storing forwarded GSSAPI credentials resulting in a growing process segment for each connection that uses GSSAPI credentials forwarding. What happens is the following: In the privileged parent, we are calling ssh_gssapi_storecreds() which itself calls

https://bugzilla.mindrot.org/show_bug.cgi?id=1601 Summary: Memory leak caused by forwarded GSSAPI credential store Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at

Hello, My first problem is compilation against Heimdal. It does not work because of the following: /products/source/heimdal/heimdal-0.5.1/i386_linux24/lib/roken/../../../lib/r oken/getprogname.c(.text+0xc): multiple definition of `get_progname' openbsd-compat//libopenbsd-compat.a(bsd-misc.o)(.text+0x0):/usr1/ahaupt/open ssh-3.6.1p1/openbsd-compat/bsd-misc.c: first defined here /usr/bin/ld:

Hello everyone, As you may be aware, we are holding the first OpenNebula Conference [1] in Berlin, this 24-26 September. The conference is the perfect place to learn about practical Cloud Computing, aimed at cloud users, developers, executives and IT managers to help them tackle their computational and business challenges. The goal is to foster fruitful and educational discussions around Cloud

On Jan 17, 2017, at 9:57 AM, Douglas E Engert <deengert at gmail.com> wrote: > On 1/16/2017 2:09 PM, Ron Frederick wrote: >> I?m working on an implementation of ?gssapi-with-mic? authentication for my AsyncSSH package and trying to get it to interoperate with OpenSSH. I?ve gotten it working, but there seems to be a discrepancy between the OpenSSH implementation and RFC 4462.

For root sessions pam_open_session is called, but not pam_close_session. sshd behavior is broken for root logins because if pam session is run from the child, close is never called due to exec: on open since use_privsep is not set, parent calls do_exec_pty(), which does not open session. then, it skips calling do_setusercontext(), so it does not open session. child calls

http://bugzilla.mindrot.org/show_bug.cgi?id=354 Summary: sshd with privsep doesn't do pam session setup properly Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org

Hi- Under privsep, I experimented with moving the session_setup_sia() out of do_child() and into do_setusercontext(), which is where the uids/gids are set to the final execution user. The call is made with a NULL tty, and this is functional provided that any later pty allocation uses grantpty() to set the device permissions. Logging in with this method shows that a utmp entry does get made for

Hello, I'm trying to implement setting of user limits (ulimit) in sshd. I'm not using PAM so I need it in the sshd itself. The task is very simple - just to put one line calling setup_limits(pw); and link with -lshadow. But the problem is, where to put this line. I did it in session.c, in do_child(), like this: #ifdef HAVE_OSF_SIA session_setup_sia(pw, s->ttyfd == -1 ? NULL

Hi, the following patch by Pierre A. Humblet <Pierre.Humblet at ieee.org> allows to use more than one uid on 9x/Me boxes which is currently blocked due to the behaviour of Cygwin's security code. After this patch is applied to sshd, we can safely change the affected code in Cygwin. Thanks, Corinna Index: session.c ===================================================================

Hi. If sshd is configured to use PAM and UsePrivilegeSeparation=no or you are logging is as root, any messages returned by PAM session modules are not displayed to the user. (Even when the config file has privsep=yes, logging in as root disables privsep anyway since there's no point, so it behaves the same way as privsep=no). I think I've figured out why: when privsep=no,

Hello I've got a problem with pam-script and ssh. pam-script is a module for PAM that enables execution of given script while pam session opens and/or closes. I try to use it with ssh while logging in and out: it is kind of login and logout scripts. PAM session creation is done in function do_pam_session which is invoked by do_setusercontext which is invoked by do_child. do_child function is

http://bugzilla.mindrot.org/show_bug.cgi?id=969 Summary: early setpcred() stomps on PAM Product: Portable OpenSSH Version: 3.9p1 Platform: All OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: dleonard at

I need this for BSD/OS 4.2 + privsep perhaps we should not call do_setusercontext() after chroot(). --- sshd.c.orig Fri Jun 21 03:09:47 2002 +++ sshd.c Tue Jun 25 13:11:03 2002 @@ -548,21 +548,35 @@ /* Change our root directory*/ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, strerror(errno)); if

Hi all. I am cleaning up (I hope) one of the nastier pieces of code in openssh: do_setusercontext which is/was a twisty maze of platform-specific nested ifdefs. I made a series of changes[1] where I moved each platform-specific piece into a portable-only file platform.c, which does not need to be kept in sync with OpenBSD. The changes did not (I hope!) change the semantics, but there's one

Hello, I'm trying to compile a static openssh-server, simply by running: export LDFLAGS=-static ./configure make sshd but the linker shows the warnings I've quoted on the bottom of this mail. The warnings say that I cannot use NSS functions when statically compiling. This makes sshd not work because at runtime, every call to getpwnam returns 0. Do you know a way to compile openssh

I am trying to build a static version of ssh, sshd and sftp, but after banging my head against the wall for the best part of the last 3 days I am about to give up... Since I plan to use this on an embedded device (building dropbear is *NOT* an option!), I've excluded as many openssh configure options as I can but, ultimately, failed. This is my setup: export LDFLAGS=' -pie -z relro -z

http://bugzilla.mindrot.org/show_bug.cgi?id=298 Summary: sshd fails to set user context, preventing all logins, also setgroups is failing Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: BSDI Status: NEW Severity: major Priority: P2 Component: sshd