Displaying 7 results from an estimated 7 matches for "3pam".
Did you mean:
32am
2005 Jun 08
1
Possible security flaw in OpenSSH and/or pam_krb5
...s not calling, or ignoring non-success return
values of pam_acct_mgmt() yet still allowing access to the account,
then the application has a gaping hole and is at fault.
- A PAM module may defer authentication and authorization, in
password-change-required situations, to pam_sm_chauthtok(3PAM), but
if so it must: a) return PAM_SUCCESS from its
pam_sm_authenticate(3PAM) _AND_ b) return PAM_NEW_AUTHTOK_REQD from
its pam_sm_acct_mgmt(3PAM).
Kerberos V and LDAP BIND type modules typically do this.
If it does otherwise then it will either not support password aging
or spo...
2004 May 18
2
pam_setcred fails for "USE_POSIX_THREADS + non-root users + PrivSep yes"
Hello,
We use USE_POSIX_THREADS in our HP-UX build of OpenSSH. When we connect a
non-root user with PAM [pam-kerberos] then I get the following error.
debug3: PAM: opening session
debug1: PAM: reinitializing credentials
PAM: pam_setcred(): Failure setting user credentials
This is particularly for non-root users with PrivSep YES. When I connect to
a root user with PrivSep YES or to a non-root
2005 May 22
3
[Bug 926] pam_session_close called as user or not at all
http://bugzilla.mindrot.org/show_bug.cgi?id=926
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
OtherBugsDependingO|994 |
nThis| |
------- Additional Comments From dtucker at zip.com.au 2005-05-22 11:03 -------
2001 Sep 05
1
reinit_creds (was Re: OpenSSHd barfs upon reauthentication: PAM, Solaris 8)
...eeded??
Because you are supposed to call pam functions in this order:
pam_start(pamh,...);
pam_authenticate(pamh, ...);
pam_acct_mgmt(pamh,
pam_setcred(pamh, PAM_ESTABLISH_CRED)
...
pam_setcred(pamh, PAM_DELETE_CRED);
pam_end(pamh);
This is quite clear from the Solaris man page for pam_setcred(3pam)
" The pam_setcred() function is used to establish, modify, or
delete user credentials. It is typically called after the
user has been authenticated and after a session has been
opened. See pam_authenticate(3PAM), pam_acct_mgmt(3PAM),
and pam_open_session(3P...
2001 Sep 05
2
reinit_creds (was Re: OpenSSHd barfs upon reauthentication: PAM, Solaris 8)
...>credentials as pam_get_item(PAM_USER)."
That is wrong and is one thing the XSSO doc is clear on:
"The pam_setcred() function is used to establish, modify, or delete the
credentials of the current user associated with the authentication handle,
pamh. "
The Solaris pam_setcred(3pam) man page is less clear - I'll file a man
page bug for Solaris to get it clarified better.
>And, given what OpenSSH does, it seems that
>pam_setcred(PAM_REINITIALIZE_CREDS) should be called with
>(euid==0 || uid==0) and gid/egid/groups setup to be the PAM_USER's.
That depends and...
2002 Jan 29
21
locked account accessable via pubkey auth
maybe this is a silly question ;-) But why is it possible to login on a
machine with a locked account (passwd -l ) via pubkey-authentication
(authorized_keys) ?
I use OpenSSH3.01p1on Solaris8 with PAM support so I thought this should not
happen.
If this is the normal behaviour and built in intentionally what would be the
easiest way to lock an account without deleting the users authorized_keys ?
2003 May 12
10
[Bug 559] PAM fixes
http://bugzilla.mindrot.org/show_bug.cgi?id=559
Summary: PAM fixes
Product: Portable OpenSSH
Version: 3.6.1p2
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P3
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: fcusack at fcusack.com
- start PAM