Displaying 12 results from an estimated 12 matches for "auth_failed".
Did you mean:
auth_fail
2003 Dec 07
0
[PATCH] Do PAM chauthtok via keyboard-interactive.
Hi All.
Attached is another patch that attempts to do pam_chauthtok() via SSH2
keyboard-interactive authentication. It now passes the results from the
authentication thread back to the monitor (based on a suggestion from
djm).
Because of this, it doesn't call do_pam_account twice and consequently
now works on AIX 5.2, which the previous version didn't. I haven't tested
it on any
2003 Oct 12
4
[PATCH]: Call pam_chauthtok from keyboard-interactive.
Hi All.
This patch calls pam_chauthtok() to change an expired password via PAM
during keyboard-interactive authentication (SSHv2 only). It is tested on
Redhat 8 and Solaris 8.
In theory, it should have simply been a matter of calling pam_chauthtok
with the PAM_CHANGE_EXPIRED_AUTHTOK flag, it'd only change the password is
if it's expired, right? From the Solaris pam_chauthtok man page:
2004 Aug 06
4
No Duplicate Users - Patch
...en(state->filename, "rb");
+ FILE *passwdfile = NULL;
char line[MAX_LINE_LEN];
char *sep;
thread_rwlock_rlock(&state->file_rwlock);
+ if (!state->allow_duplicate_users) {
+ if (auth_is_listener_connected(source, username)) {
+ return AUTH_FAILED;
+ }
+ }
+ passwdfile = fopen(state->filename, "rb");
if(passwdfile == NULL) {
WARN2("Failed to open authentication database \"%s\": %s",
state->filename, strerror(errno));
@@ -208,9 +239,12 @@
state = calloc(...
2004 Aug 06
0
No Duplicate Users - Patch
...es of
> icecast.
>
> thoughts ? comments ?
This is good, but I have one comment...
>
> thread_rwlock_rlock(&state->file_rwlock);
> + if (!state->allow_duplicate_users) {
> + if (auth_is_listener_connected(source, username)) {
> + return AUTH_FAILED;
Currently, we only have a generic 'AUTH_FAILED' here. I'd like to see an
AUTH_FORBIDDEN (or some other name) added, which would be handled in the
connection logic by returning a 403 (not a 401).
What do you think of that?
Mike
--- >8 ----
List archives: http://www.xiph.org/ar...
2003 Nov 13
0
[PATCH] Perform do_pam_chauthtok via SSH2 keyboard-interactive.
Hi All.
Attached is a patch to perform pam_chauthtok via SSH2
keyboard-interactive. It should be simpler, but since Solaris seems to
ignore the CHANGE_EXPIRED_AUTHTOK flag, it calls do_pam_account to check
if it's expired. To minimise the change in behaviour, it also caches the
result so pam_acct_mgmt still only gets called once.
This doesn't seem to work on AIX 5.2, I don't know
2007 May 24
2
[RFC][PATCH] Detect and handle PAM changing user name
I've implemented a patch to openssh which allows the PAM auth layer
to detect if the PAM stack has changed the user name and then adjusts
its internal data structures accordingly. (imagine a PAM stack that
uses individual credentials to authenticate, but assigns the user to
a role account).
First, is the openssh community interested in this patch?
Second, if there is interest in the patch,
2002 Jul 02
3
New PAM kbd-int diff
Below is a new PAM kbd-int diff based on FreeBSD's code. This code makes
PAM kbd-int work with privilege separation.
Contrary to what I have previously stated - it *does* handle multiple
prompts. What it does not handle is multiple passes through the PAM
conversation function, which would be required for expired password
changing.
I would really appreciate some additional eyes over the
2002 Jun 25
4
PAM kbd-int with privsep
The following is a patch (based on FreeBSD code) which gets kbd-int
working with privsep. It moves the kbd-int PAM conversation to a child
process and communicates with it over a socket.
The patch has a limitation: it does not handle multiple prompts - I have
no idea how common these are in real-life. Furthermore it is not well
tested at all (despite my many requests on openssh-unix-dev@).
-d
2003 Oct 29
4
Fix for USE_POSIX_THREADS in auth-pam.c
As many of you know, OpenSSH 3.7.X, unlike previous versions, makes
PAM authentication take place in a separate process or thread
(launched from sshpam_init_ctx() in auth-pam.c). By default (if you
don't define USE_POSIX_THREADS) the code "fork"s a separate process.
Or if you define USE_POSIX_THREADS it will create a new thread (a
second one, in addition to the primary thread).
The
2002 Apr 26
0
PAM keyboard-interactive
The following patch (relative to -current) makes PAM a proper
kbd-interactive citizen. There are a few limitations (grep for todo), but
the code seems to work OK for protocols 1 & 2 with and without privsep.
Please have a play!
auth2-pam.c is based on code from FreeBSD.
Index: auth2-chall.c
===================================================================
RCS file:
2004 May 31
1
[Bug 125] with BSM auditing, cron editing thru ssh session causes cron jobs to fail
http://bugzilla.mindrot.org/show_bug.cgi?id=125
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #619 is|0 |1
obsolete| |
------- Additional Comments From dtucker at zip.com.au 2004-05-31 23:25 -------
2013 May 13
0
Fwd: Seeing non-priv port + auth issue in the gluster brick log
...get 'process-uuid' from reply dict
[2013-05-11 06:38:59.077571] E
[client-handshake.c:1397:client_setvolume_cbk] 0-dpkvol-client-0:
SETVOLUME on remote-host failed: Authentication failed
[2013-05-11 06:38:59.077606] I
[client-handshake.c:1482:client_setvolume_cbk] 0-dpkvol-client-0:
sending AUTH_FAILED event
[2013-05-11 06:38:59.077647] E [fuse-bridge.c:4788:notify] 0-fuse:
Server authenication failed. Shutting down.
[2013-05-11 06:38:59.077680] I [fuse-bridge.c:5212:fini] 0-fuse:
Unmounting '/mnt'.
[2013-05-11 06:38:59.082462] W [glusterfsd.c:970:cleanup_and_exit]
(-->/usr/lib64/libc....