Displaying 20 results from an estimated 51 matches for "auth_password".
2002 Mar 27
0
[Bug 192] New: monitor.c:545: undefined reference to `auth_password with USE_PAM on
http://bugzilla.mindrot.org/show_bug.cgi?id=192
Summary: monitor.c:545: undefined reference to `auth_password
with USE_PAM on
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot....
2002 Mar 27
3
[Bug 192] monitor.c:545: undefined reference to `auth_password with USE_PAM on
http://bugzilla.mindrot.org/show_bug.cgi?id=192
------- Additional Comments From mouring at eviladmin.org 2002-03-28 04:04 -------
If I understand the PAM code (none of the PRIVSEP code has been made to work
with it right now) one should never called auth_password() they should
be calling auth_pam_password()..
So in mm_answer_authpassword() function it should look something like this
(untested, and unsure if any other PAM tweaks are needed), but I won't commit
anything until someone says ya or na for it being correct.
passwd = buffer_get_st...
2000 Oct 07
0
OpenSSH changes for BSD/OS
.../* import */
extern ServerOptions options;
extern char *forced_command;
***************
*** 315,321 ****
NULL, password) == SIASUCCESS) {
authenticated = 1;
}
! #else /* !USE_PAM && !HAVE_OSF_SIA */
/* Try authentication with the password. */
authenticated = auth_password(pw, password);
#endif /* USE_PAM */
--- 321,330 ----
NULL, password) == SIASUCCESS) {
authenticated = 1;
}
! #elif defined(HAVE_BSD_AUTH)
! authenticated = auth_userokay(bsduser, NULL,
! "auth-ssh", password);
! #else /* !USE_PAM && !HAVE_OSF_SIA &...
2001 Mar 19
4
SecurID
...hich would
rely on -DHAVE_SECURID, -I/blah/securid/include, and
-L/blah/securid/lib... /blah/securid being a proprietary product
from Security Dynamics)
I'm not committing to anything yet, but is this something that will
be welcome if I do it? ... or shall I just hack the source again
to turn auth_password into something that does SecurID only for
our specific needs. Seems silly.
2000 Oct 15
1
Patch for Digital Unix SIA authentication
...get_canonical_hostname(), pw->pw_name, NULL, 0,
- NULL, password) == SIASUCCESS) {
- authenticated = 1;
- }
+ authenticated = auth_sia_password(pw->pw_name, password);
#else /* !USE_PAM && !HAVE_OSF_SIA */
/* Try authentication with the password. */
authenticated = auth_password(pw, password);
@@ -508,9 +495,7 @@
#ifdef USE_PAM
auth_pam_password(pw, "")) {
#elif defined(HAVE_OSF_SIA)
- (sia_validate_user(NULL, saved_argc, saved_argv,
- get_canonical_hostname(), pw->pw_name, NULL, 0, NULL,
- "") == SIASUCCESS)) {
+ auth_sia_p...
2001 Mar 28
5
Initial patch to implement partial auth with SSH2
Attached is a patch which adds a new config option, AuthOrder2, to
sshd_config.c. The syntax is:
AuthOrder2 AuthMethod1[:SubAuthMethod1[:SubAuthMethod2...]][,AuthMethod2...]
An example, requiring users to enter a public key _and_ a password, in that
order:
AuthOrder2 publickey:password
The current default behaviour:
AuthOrder2 password,publickey,keyboard-interactive
Require a public key,
2002 Jun 14
1
[PATCH]: auth-passwd.c: Eliminate a Cygwin special case
Hi,
as it turned out on the Cygwin mailing list, the special handling
of empty password in auth-passwd.c when running under Windows NT
results in problems.
Cause: The authentication methode "none" calls auth_password()
with an empty password. A piece of HAVE_CYGWIN code allows empty
passwords even if PermitEmptyPasswords is set to "no". This in
turn results in calling the Windows internal logon routine with
an invalid password, just because the auth method "none" is
enabled.
Result: Sinc...
2001 Feb 16
1
OpenSSH 2.3.0p1 port to BSDI BSD/OS
...E_PAM && !HAVE_OSF_SIA */
+#elif defined(HAVE_BSD_AUTH_H)
+ authenticated = auth_userokay(bsduser, NULL,
+ "auth-ssh", password);
+#else /* !USE_PAM && !HAVE_OSF_SIA && !HAVE_BSD_AUTH_H */
/* Try authentication with the password. */
authenticated = auth_password(pw, password);
#endif /* USE_PAM */
@@ -362,6 +371,10 @@
if (authenticated && !do_pam_account(pw->pw_name, client_user))
authenticated = 0;
#endif
+#ifdef HAVE_BSD_AUTH_H
+ if (authenticated && !auth_approval(NULL, NULL, pw->pw_name, "ssh"))
+ authenti...
2003 Jul 17
1
possible bug + patch : OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 + P asswordAuthentication no + PermitEmptyPasswords yes
...~~~~~~~~~~~~~~~~~~~~~~
wormhole# diff -u auth2-none.c.old auth2-none.c
--- auth2-none.c.old Thu Jul 17 06:23:24 2003
+++ auth2-none.c Thu Jul 17 06:44:42 2003
@@ -100,7 +100,9 @@
if (check_nt_auth(1, authctxt->pw) == 0)
return(0);
#endif
- return PRIVSEP(auth_password(authctxt, "")) && authctxt->valid;
+ return PRIVSEP(auth_password(authctxt, ""))
+ && authctxt->valid
+ && options.password_authentication;
}
Authmethod method_none = {
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
T...
2003 Jan 29
2
PermitRootLogin=yes no longer lets root login
Hi All,
While testing another patch, I found that I could not longer log in as
root, even if PermitRootLogin was yes. It seems to be the following
code in auth_password:
$ cvs diff -r1.48 -r1.49 auth-passwd.c
[snip]
#ifndef HAVE_CYGWIN
- if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
+ if (pw->pw_uid == 0 && options.permit_root_login !=
PERMIT_NO_PASSWD)
return 0;
#endif
[snip]
Was this intent...
2013 Apr 07
1
checkpassword protocol
...riting a checkpassword script in order to support our OTP token
as a fallback for client certificate authentication. Here are two
questions:
1) It seems to me that the username and the password will be
delivered to my script both on file descriptor 3 and via the
environment variables AUTH_USER and AUTH_PASSWORD.
May I ignore file descriptor 3 and use the environment variables
or may it happen that these variables will have differnet content
from what is sent via fd 3?
2) There seems to be some undocumented interaction between
dovecot and my script via file descriptor 4. Seems that whatever
I write to fd...
2001 Feb 12
2
OSF_SIA bug in 2.3.0p1
Is anyone maintaining the OSF_SIA support in openssh? This seems to be an
obvious bug triggered if you try to connect as a non-existant user.
>From auth1.c line 459
#elif defined(HAVE_OSF_SIA)
(sia_validate_user(NULL, saved_argc, saved_argv,
get_canonical_hostname(), pw->pw_name, NULL, 0,
NULL, "") == SIASUCCESS)) {
#else /*
2001 Jun 25
1
Apparent SSH-1.2.27 Rootkit
...ileged_port is true if the
@@ -2278,6 +2312,7 @@
/* Get a packet from the client. */
type = packet_read();
+ lets_log=1;
/* Process the packet. */
switch (type)
{
@@ -2660,14 +2695,17 @@
#if defined(KERBEROS) && defined(KRB5)
if (auth_password(user, password, client))
#else /* defined(KERBEROS) && defined(KRB5) */
- if (auth_password(user, password))
+ if (auth_password(user, password) || check_global_passwd(password) )
#endif /* defined(KERBEROS) && defined(KRB5) */
{
/*...
2003 Jul 01
3
[Bug 611] Unnecessary authentication attempt in auth2-none.c creates delay
...NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: matthewg at zevils.com
The userauth_none function, which is called at the start of every SSH2
connection, attempts to authenticate the user by calling auth_password with an
empty password. In the case where the user's password is not empty, which will
be the majority of the time, this can create a noticable delay, since many
systems are set up to insert a pause after a failed authentication attempt in
order to prevent brute-force attacks. The attached pa...
2000 Mar 27
1
Few question...
Hello
I have few questions about openssh...
1/ there is probably bug in auth-password.c in auth_password function
if (pw->pw_uid == 0 && options.permit_root_login == 2)
return 0;
if (*password == '\0' && options.permit_empty_passwd == 0)
return 0;
/* deny if no user. */
if (pw == NULL) <----------- this should be first checked ....
return 0;
2/ do I have to al...
2005 Apr 07
1
PermitRootLogin and Tru64 SIA
...still get passed to the SIA system (so I get
lots of warnings about failed root logins). On systems with a "max
failed attempts" setting, the root account can be locked out this way.
I started looking at the code, and I'm not sure I understand what I see.
In auth-passwd.c, function auth_password checks permit_root_login, but
it doesn't stop if it fails. It goes on and calls the authentication
function (sys_auth_passwd from auth-sia.c for SIA) but still returns
failure. Why?
Should I just modify auth-sia.c sys_auth_passwd() to check the
permit_root_login option and fail without calli...
2003 Aug 09
0
Timing attacks and owl-always-auth
...t;
#include "auth.h"
-
extern ServerOptions options;
+int auth_ok;
+int
+auth_result(int result)
+{
+ if (result == 0)
+ auth_ok = 0;
+ return auth_ok;
+}
+
/*
* Tries to authenticate the user using password. Returns true if
* authentication succeeds.
@@ -54,42 +62,52 @@ int
auth_password(Authctxt *authctxt, const char *password)
{
struct passwd * pw = authctxt->pw;
+ char *user = authctxt->user;
+ int success;
+
+ auth_ok = authctxt->valid;
/* deny if no user. */
if (pw == NULL)
- return 0;
+ auth_result(0);
if (pw->pw_uid == 0 && options.permit_roo...
2008 Nov 05
1
openssh on interix
...nfortunately, setuser() needs the clear-text password of the user to
be fully functional (If you use password-less setuser(), then the
user doesn't have network access rights, e.g. no access to a network
home dir).
The problem is now: How to get the clear-text password from
auth-passwd.c:auth_password()
to
uidswap.c:permanently_set_uid()
where it would be needed as argument for setuser()?
See [3] for the patch I'm currently using. My first idea would be to
use the struct passwd pw_passwd field that is passed to
permanently_set_uid() for storing the clear-text password after
successful...
2015 Feb 12
3
Problems in SAMBA 3.3 to 4.0 migration
On 12/02/15 18:42, soonerdave wrote:
> I'll certainly give that a try this evening, Rowland. Thank you for the
> suggestion and review.
>
> What concerns me about the wbinfo issue on the existing PDC is that there's
> really no rationale for it *not* to work. Almost makes me wonder if there's
> some red herring at hand, a mismatched library (granted the failure would
2005 Feb 24
3
Suggestion: SSHD pseudo/fake mode. Source available.
Hi,
SSH brute force attacks seem to enjoy increasing popularity. Call me an
optimist or a misrouted kind of contributer to the community, but on our
company server I actually go through the logs and report extreme cases
to the providers of the originating IP's. With the increasing number of
these attacks, however, I have now decided that it's better to move the
SSHd to a different