search for: authenticate

Hi I am experimenting with Constructor based dependency injection for rails controllers. So I have something like this class LoginSessionsController < ApplicationController def initialize(authenticator = TheRealAuthenticator) @authenticator = authenticator end .... end The plan was to override the authenticator used when testing with something like describe

...bet ;-) This has never worked for me, but everything else seems to work, so I ignore it: rowland at devstation:~$ wbinfo -a rowland Enter rowland's password: plaintext password authentication succeeded Enter rowland's password: challenge/response password authentication failed Could not authenticate user rowland with challenge/response rowland at devstation:~$ wbinfo -a rowland Enter rowland's password: plaintext password authentication succeeded Enter rowland's password: challenge/response password authentication failed Could not authenticate user rowland with challenge/response rowla...

Hi all, I'm setting a mailserver using dovecot version: 2.1.7. On the server I have a couple of system users using PAM authentication and a lot of virtual users using SQL authentication. When a virtual user (e.g. david at virtdomain.de) logs in dovecot tries to authenticate the user via PAM and after failing it uses SQL: Mar 19 11:39:42 orange dovecot: auth-worker(7815): pam(david at virtdomain.de,<ip address>): pam_authenticate() failed: Authentication failure (password mismatch?) Mar 19 11:39:42 orange dovecot: auth: passwd(david at virtdomain.de,<ip addre...

I need to allow [read] access to a Samba server using both IP filtering & UserIDs . For a given list of IP subnets, any user should have access. Outside these 'trusted' subnets, I need to do User authentication. I can handle the User authentication OK in several ways. However, I don't see any way to do the 'short circuit' allow for some IPs, then use User authentication

Hi, I?ve posted this before but no one was able to help. I can?t figure out what they are trying to do, and if I should be concerned. I am running dovecot version 0.99.14 on Fedora Core 4. It appears that my dovecot server is under attack. This morning in my system e-mail I saw this: dovecot: Authentication Failures: rhost= : 23431 Time(s)

...ile I prefer RSA user authentication. I've made a patch to the server which adds a new configuration option: RSAHostOtherAuthentication. When this option is enabled RSA host authentication is turned on, but without the rhosts check. Also, RSA host authentication on its own is insufficient to authenticate the user. The server also requires one other authentication method to succeed. It doesn't matter which, and the order in which the methods are tried doesn't matter. With this modified server I can enable RSA authentication of both the remote host and the user. This only works if the clien...

...but everything else seems to work, so I > ignore it: > > rowland at devstation:~$ wbinfo -a rowland > Enter rowland's password: > plaintext password authentication succeeded > Enter rowland's password: > challenge/response password authentication failed > Could not authenticate user rowland with challenge/response > rowland at devstation:~$ wbinfo -a rowland > Enter rowland's password: > plaintext password authentication succeeded > Enter rowland's password: > challenge/response password authentication failed > Could not authenticate user rowland...

I had similar problems when my auth.php was on password protected http server...but after applying the following configuration i've got it working: <mount> <mount-name>/Test</mount-name> <authentication type="url"> <option name="listener_add" value="http://user:pass@127.0.0.1/auth/action.php"/> <option

Hi all I'm not sure whether to go to the ppp lists for this, or the samba lists. I thought I'd try here first. I have a linux firewall using winbind to authenticate users coming in with PPTP. It all seemed to work OK at first. After a while I noticed that authentication was denied to users who had previously (as in less than a day) authenticated successfully. After a day or so of fighting with this setup, I found that restarting winbindd will allow users t...

There has been some good discussion around our IBM security team as to what actually constitutes SSH multi factor authentication. There are 2 options being discussed. One, the Google Authenticator (OTP authentication). Two, Public/Private key authentication (pubkeyauthentication = yes) which supports pass phrase private key authentication. Which of these is considered multi-factor

...> > ignore it: > > > > rowland at devstation:~$ wbinfo -a rowland > > Enter rowland's password: > > plaintext password authentication succeeded > > Enter rowland's password: > > challenge/response password authentication failed > > Could not authenticate user rowland with challenge/response > > rowland at devstation:~$ wbinfo -a rowland > > Enter rowland's password: > > plaintext password authentication succeeded > > Enter rowland's password: > > challenge/response password authentication failed > > Could...

Hello, We're starting to use FreeIPA in house (which is awesome btw) which means that Kerberos and TLS client certificate authentication is suddenly quite easy. Im looking for a list of common Linux services with data on how one can Authenticate/Authorise for these services. * httpd support TLS client certificate authentication and Kerberos * rabbitmq supports TLS client certificate authentication * dovecot supports Kerberos and ... etc, etc Cheers, Andrew

Hi, I was looking into the new Authentication Policy feature: https://wiki2.dovecot.org/Authentication/Policy I had kinda hoped that I would be able to enfore this in a proxy running in front of several backends. This proxy does not authenticate. It use "nopassword". But I realize that the "succes" reported in the final authpolicy req. (command=report) is not what is actaully happening on the IMAP protocol level, but rather the result of the passdb chain in the proxy. (I should probably have predicted this, it's k...

...ent_node); + } + + avl_tree_unlock(source->client_tree); + return 0; + +} + auth_result auth_check_client(source_t *source, client_t *client) { auth_t *authenticator = source->authenticator; @@ -71,7 +95,7 @@ password = tmp+1; result = authenticator->authenticate( - authenticator, username, password); + authenticator, source, username, password); if(result == AUTH_OK) client->username = strdup(username); @@ -106,6 +130,7 @@ typedef struct { char *filename; + int allow_duplicate_users;...

http://dovecot.org/releases/1.1/dovecot-1.1.7.tar.gz http://dovecot.org/releases/1.1/dovecot-1.1.7.tar.gz.sig I should have released this earlier since v1.1.6 had that annoying startup problem, but surprisingly few people complained about it so I kind of forgot about it then. BTW. v1.2 progresses nicely. Now that shared mailboxes are finally fully supported, there aren't any widely used IMAP

http://dovecot.org/releases/1.1/dovecot-1.1.7.tar.gz http://dovecot.org/releases/1.1/dovecot-1.1.7.tar.gz.sig I should have released this earlier since v1.1.6 had that annoying startup problem, but surprisingly few people complained about it so I kind of forgot about it then. BTW. v1.2 progresses nicely. Now that shared mailboxes are finally fully supported, there aren't any widely used IMAP

...n with key-authentication. On AIX however if we use key-authentication it always hits NIS before VAS. IBM is telling us that it is because that's how SSH works and we keep trying to tell them that it doesn't work like that anywhere else - only on AIX. It's my understanding that SHH will authenticate in the order established by the OS and not vice-versa - is this thinking correct? We have workarounds for the issue, but we'd like to have IBM own up to what we perceive as a flaw in their authentication model instead of blaming it on how SSH works. Here is the latest from their developers:...

...enSSH takes with GSSAPI credential delegation (creating a temporary file and setting environment variables to point to it), OpenSSH attempts to store the forwarded X11 authentication credentials into ~/.Xauthority. Obviously, attempting to store the credentials in this manner will fail if the user authenticates via a mechanism that neither acquired nor passed credentials (e.g., public-key authentication). For (e.g.) NFSv4+GSSAPI, one can attempt to work around this with ~/.ssh/rc, as follows: #! /bin/sh exec 1>&2 if [ "x${KRB5CCNAME}" = x ]; then echo "No Kerbero...

...wbinfo -a anyuser%goodpassword plaintext password authentication succeeded challenge/response password authentication succeeded # wbinfo -a anyuser%badpassword plaintext password authentication failed error code was NT_STATUS_WRONG_PASSWORD (0xc000006a) error messsage was: Wrong Password Could not authenticate user anyuser%badpassword with plaintext password challenge/response password authentication failed error code was NT_STATUS_INVALID_HANDLE (0xc0000008) error messsage was: Invalid handle Could not authenticate user anyuser with challenge/response # wbinfo -a anyuser%goodpassword plaintext password...

I am attempting to access the in-built LDAP backend to use for authentication for an external web app. When connecting to the server, an error is returned "Strong(er) authentication is required (8) for user" Google suggests that this is due to the fact that simple authentication is not enabled on the LDAP server. This web app, however, does not support SASL. So, is it possible to