search for: abandon_challenge_response

...switches to some other authentication method, verify_response() will never run, and the kbdint device context will never be freed. In some cases (such as when the FreeBSD PAM authentication code is being used) this may cause a resource leak leading to a denial of service. The attached patch adds abandon_challenge_response() to auth-chall.c, and code to auth1.c to call it if challenge-response authentication was initiated but not completed. DES -- Dag-Erling Sm?rgrav - des at ofug.org -------------- next part -------------- A non-text attachment was scrubbed... Name: sshd-auth-chall.diff Type: text/x-patch Size: 2...

Hello all, The long-mooted PAM merge from FreeBSD is starting _now_. This replaces the PAM password auth kludge that we have used until now with a discrete challenge-response module. This module is invoked via keyboard-interactive for protocol 2 or TIS auth for protocol 1. Warning: this is a large change and will probably break things. It has only been tested with basic password auth modules and