search for: authmethods_get

I looked around for a while, but couldn't find any code for requiring multiple authentication mechanisms in openssh. So I wrote an implemention. I thought at first I should change the PasswordAuthentication, PubkeyAuthentication, etc. keywords to allow no/yes/required. But there's some funky stuff in auth2.c with respect to keyboard interactive auth that would make this kind of

...nd disallow challenge-response authentication so + we don't just accept it twice :) */ + options.challenge_response_authentication_first = 0; + options.challenge_response_authentication = 0; + options.kbd_interactive_authentication = options.pam_authentication_via_kbd_int; + + methods = authmethods_get(); + packet_start(SSH2_MSG_USERAUTH_FAILURE); + packet_put_cstring(methods); + packet_put_char(1); /* XXX partial success, used */ + packet_send(); + packet_write_wait(); + xfree(methods); } } @@ -272,6 +289,11 @@ authmethods_get(void) char *list; int i; + /* If challenge-response...

...CATE */ packet_disconnect(AUTH_FAIL_MSG, authctxt->user); } +#ifdef _CRAY + if (strcmp(method, "password") == 0) + cray_login_failure(authctxt->user, IA_UDBERR); +#endif /* _CRAY */ methods = authmethods_get(); packet_start(SSH2_MSG_USERAUTH_FAILURE); packet_put_cstring(methods); ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...10 -0000 @@ -241,10 +241,6 @@ if (authctxt->failures++ > AUTH_FAIL_MAX) { packet_disconnect(AUTH_FAIL_MSG, authctxt->user); } -#ifdef _UNICOS - if (strcmp(method, "password") == 0) - cray_login_failure(authctxt->user, IA_UDBERR); -#endif /* _UNICOS */ methods = authmethods_get(); packet_start(SSH2_MSG_USERAUTH_FAILURE); packet_put_cstring(methods); Index: sshlogin.c =================================================================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/sshlogin.c,v retrieving revision 1.9 diff -u -r1.9 sshlogin.c --- sshlogin.c...

...10 -0000 @@ -241,10 +241,6 @@ if (authctxt->failures++ > AUTH_FAIL_MAX) { packet_disconnect(AUTH_FAIL_MSG, authctxt->user); } -#ifdef _UNICOS - if (strcmp(method, "password") == 0) - cray_login_failure(authctxt->user, IA_UDBERR); -#endif /* _UNICOS */ methods = authmethods_get(); packet_start(SSH2_MSG_USERAUTH_FAILURE); packet_put_cstring(methods); Index: sshlogin.c =================================================================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/sshlogin.c,v retrieving revision 1.9 diff -u -r1.9 sshlogin.c --- sshlogin.c...

...03 -0000 @@ -242,10 +242,6 @@ if (authctxt->failures++ > AUTH_FAIL_MAX) { packet_disconnect(AUTH_FAIL_MSG, authctxt->user); } -#ifdef _UNICOS - if (strcmp(method, "password") == 0) - cray_login_failure(authctxt->user, IA_UDBERR); -#endif /* _UNICOS */ methods = authmethods_get(); packet_start(SSH2_MSG_USERAUTH_FAILURE); packet_put_cstring(methods); Index: sshlogin.c =================================================================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/sshlogin.c,v retrieving revision 1.9 diff -u -r1.9 sshlogin.c --- sshlogin.c...

This patch series consists of minor fixes and cleanups I made during update to openssh V_4_6 branch. openssh/auth-pam.c | 9 ++++----- openssh/auth2.c | 2 -- openssh/readconf.c | 7 ++++--- openssh/servconf.c | 14 ++++++++------ openssh/sftp-server.c | 9 ++++++--- openssh/sshd.c | 2 +- 6 files changed, 23 insertions(+), 20 deletions(-) -- ldv

sorry, Darren. Long over due comments. [..] >+/* Record a failed login attempt. */ >+void >+record_failed_login(const char *user, const char *host, const char *ttyname) >+{ >+#ifdef WITH_AIXAUTHENTICATE >+ loginfailed(user, host, ttyname); >+#endif >+#ifdef _UNICOS >+ cray_login_failure((char *)user, IA_UDBERR); >+#endif /* _UNICOS */ >+} I like the

...ype '%s'", name); return KEY_UNSPEC; Index: 3_0_2p1.1/auth2.c --- 3_0_2p1.1/auth2.c Wed, 21 Nov 2001 10:38:46 -0500 +++ 3_0_2p1_w_named_keys.1(w)/auth2.c Thu, 24 Jan 2002 10:52:24 -0500 @@ -76,7 +76,7 @@ /* helper */ static Authmethod *authmethod_lookup(const char *); static char *authmethods_get(void); -static int user_key_allowed(struct passwd *, Key *); +int user_key_allowed(struct passwd *, Key *); static int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); /* auth */ @@ -476,7 +476,7 @@ buffer_dump(&b); #endif /* test for correct signature */ - if...

...(authctxt, realname); } diff -ru openssh-3.1p1/auth2.c openssh-3.1p1-mods/auth2.c - --- openssh-3.1p1/auth2.c Thu May 9 12:18:26 2002 +++ openssh-3.1p1-mods/auth2.c Thu May 9 12:19:55 2002 @@ -75,7 +75,7 @@ /* helper */ static Authmethod *authmethod_lookup(const char *); static char *authmethods_get(void); - -static int user_key_allowed(struct passwd *, Key *); +static int user_key_allowed(struct passwd *, Key *, char *realname); static int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); /* auth */ @@ -105,6 +105,28 @@ {NULL, NULL, NULL} }; +/* VIX + * this p...

OpenBSD tree is heading into a lock and this includes OpenSSH. So we are winding up for a 3.5 release. If we can get people to test the current snapshots and report any problems that would improve the odds that your platform won't be broke for 3.5. Issues I know off of right now. 1. I can't test NeXT. So I TRULY need someone in that community to test for me. Last I heard there was

...*); +void input_gssapi_hash(int type, u_int32_t, void *); +void input_gssapi_error(int, u_int32_t, void *); +void input_gssapi_errtok(int, u_int32_t, void *); +#endif + void userauth(Authctxt *, char *); static int sign_and_send_pubkey(Authctxt *, Identity *); @@ -208,6 +223,12 @@ static char *authmethods_get(void); Authmethod authmethods[] = { +#ifdef GSSAPI + {"gssapi", + userauth_gssapi, + &options.gss_authentication, + NULL}, +#endif {"hostbased", userauth_hostbased, &options.hostbased_authentication, @@ -278,6 +299,7 @@ authctxt.success = 0; authctxt.met...

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |