bugzilla-daemon at mindrot.org
2002-Feb-13 12:00 UTC
[Bug 114] Invalid users vs. PAM (protocol 1 only (?))
http://bugzilla.mindrot.org/show_bug.cgi?id=114 ------- Additional Comments From djm at mindrot.org 2002-02-13 23:00 ------- Created an attachment (id=24) Fake username for invalid ssh protocol 1 users ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2002-Feb-13 12:00 UTC
[Bug 114] Invalid users vs. PAM (protocol 1 only (?))
http://bugzilla.mindrot.org/show_bug.cgi?id=114 ------- Additional Comments From djm at mindrot.org 2002-02-13 23:00 ------- Does the attached patch help? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2002-Feb-14 09:39 UTC
[Bug 114] Invalid users vs. PAM (protocol 1 only (?))
http://bugzilla.mindrot.org/show_bug.cgi?id=114 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From djm at mindrot.org 2002-02-14 20:39 ------- It works for me - committing. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2002-Feb-14 13:06 UTC
[Bug 114] Invalid users vs. PAM (protocol 1 only (?))
http://bugzilla.mindrot.org/show_bug.cgi?id=114 abartlet at samba.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | ------- Additional Comments From abartlet at samba.org 2002-02-15 00:06 ------- Why NOUSER? What is wrong with the user they specified? Why can't we do the full auth for the user - let PAM do its thing and then bail? This would allow users who use pam_unix's 'audit' flag (for example) to get accurate and consistant failed password logs across all deamons on a system. Then, if for some reason PAM still thinks they are perfectly valid (despite no /etc/passwd entry) *then* we kill it off. How does this sound? I'll propose a patch if required. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2002-Feb-14 13:26 UTC
[Bug 114] Invalid users vs. PAM (protocol 1 only (?))
http://bugzilla.mindrot.org/show_bug.cgi?id=114 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |FIXED ------- Additional Comments From djm at mindrot.org 2002-02-15 00:26 ------- NOUSER hides disclosure of passwords from users who accidentally type their password into a login prompt. please open another buf if you want to change the functionality. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2002-Feb-14 14:21 UTC
[Bug 114] Invalid users vs. PAM (protocol 1 only (?))
http://bugzilla.mindrot.org/show_bug.cgi?id=114 ------- Additional Comments From peak at argo.troja.mff.cuni.cz 2002-02-15 01:21 ------- Well, when a user types his/her password as a login name, it will probably appear in the log anyway (in a message generated by sshd itself: Feb 14 15:07:14 kunhuta sshd[17775]: Failed password for illegal user blabla from 127.0.0.1 port 2995). Nevertheless, the patch appears to solve the problem I reported. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.