bugzilla-daemon at mindrot.org
2003-Jul-30 01:48 UTC
[Bug 564] new PAM code only calls pam_acct_mgmt for challenge-response clients
http://bugzilla.mindrot.org/show_bug.cgi?id=564 ------- Additional Comments From djm at mindrot.org 2003-07-30 11:48 ------- Maybe UsePAM should be a tri-state: "kbd-int", "no" or "always". This is ugly - suggestions wanted. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Aug-24 00:43 UTC
[Bug 564] new PAM code only calls pam_acct_mgmt for challenge-response clients
http://bugzilla.mindrot.org/show_bug.cgi?id=564
djm at mindrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
OtherBugsDependingO| |627
nThis| |
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Aug-24 12:53 UTC
[Bug 564] new PAM code only calls pam_acct_mgmt for challenge-response clients
http://bugzilla.mindrot.org/show_bug.cgi?id=564 ------- Additional Comments From djm at mindrot.org 2003-08-24 22:53 ------- Created an attachment (id=369) --> (http://bugzilla.mindrot.org/attachment.cgi?id=369&action=view) Perform PAM account checks This patch adds PAM account checks after authentication. Tested with passwd and pubkey auth, protos 1 and 2, with and without privsep. Doesn't make PAM chauthtok work - that is tricky with privsep. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Aug-24 12:53 UTC
[Bug 564] new PAM code only calls pam_acct_mgmt for challenge-response clients
http://bugzilla.mindrot.org/show_bug.cgi?id=564
djm at mindrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |patch
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Aug-25 01:42 UTC
[Bug 564] new PAM code only calls pam_acct_mgmt for challenge-response clients
http://bugzilla.mindrot.org/show_bug.cgi?id=564
------- Additional Comments From dtucker at zip.com.au 2003-08-25 11:42 -------
I've looked at patch id #369.
This part is useless:
diff -u -r1.246 session.c
--- session.c 13 Aug 2003 10:31:05 -0000 1.246
+++ session.c 24 Aug 2003 12:44:32 -0000
@@ -719,6 +719,11 @@
if (options.use_pam && is_pam_password_change_required()) {
print_pam_messages();
do_pam_chauthtok();
+
+ /* Permit forwardings if we succeed here */
+ no_port_forwarding_flag &= ~2;
+ no_agent_forwarding_flag &= ~2;
+ no_x11_forwarding_flag &= ~2;
}
#endif
By the time that runs, you are in the process that later execs the user's
shell.
The forwarding flags you need to reset are in its parent.
The patch regress tested OK on Redhat 8.
Something funny is wrong on HP-UX & Solaris (dynamic forwarding tests fail,
not
sure why yet).
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Aug-25 03:02 UTC
[Bug 564] new PAM code only calls pam_acct_mgmt for challenge-response clients
http://bugzilla.mindrot.org/show_bug.cgi?id=564
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #369| |ok
Status| |
------- Additional Comments From dtucker at zip.com.au 2003-08-25 13:02 -------
(From update of attachment 369)
The problem with Solaris and HP-UX was with the tests, the code itself is fine.
Passed regression on Solaris 8 & HP-UX 11.00.
ok dtucker@, but the code in session.c should be removed or commented that it
can't work.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Aug-25 03:02 UTC
[Bug 564] new PAM code only calls pam_acct_mgmt for challenge-response clients
http://bugzilla.mindrot.org/show_bug.cgi?id=564 ------- Additional Comments From dtucker at zip.com.au 2003-08-25 13:02 ------- (From update of attachment 369) The problem with Solaris and HP-UX was with the tests, the code itself is fine. Passed regression on Solaris 8 & HP-UX 11.00. ok dtucker@, but the code in session.c should be removed or commented that it can't work. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Aug-25 03:09 UTC
[Bug 564] new PAM code only calls pam_acct_mgmt for challenge-response clients
http://bugzilla.mindrot.org/show_bug.cgi?id=564
djm at mindrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From djm at mindrot.org 2003-08-25 13:09 -------
Applied
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.