search for: authtok

...e modules are responsible for localizing any strings sent to the conversation function. ---- But sshpam_passwd_conv() "Assumes that echo-off prompts are for the password" and pass password as a reply. It could lead that password is exposed to a wrong consumer. Correct solution is to set AUTHTOK before pam_autheticate is called in sshpam_auth_passwd() function. Something like this: pam_set_item(sshpam_handle, PAM_AUTHTOK, password); -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assig...

On 05/11/2015 10:06 AM, Ulrich Hiller wrote: > Hmmm...., i have made now a complete new install but the problem > persists: ldap authentication works, but the host attribute is ignored. Hate to say that we're running out of options. I had a CentOS 7 system similar to yours, with LDAP authentication. I added three lines to sssd.conf (for access provider, etc), restarted sssd, and

...ault]]] [pam_print_data] (0x0100): tty: ssh (Tue May 12 13:16:36 2015) [sssd[be[default]]] [pam_print_data] (0x0100): ruser: (Tue May 12 13:16:36 2015) [sssd[be[default]]] [pam_print_data] (0x0100): rhost: myhost.mydomain.com (Tue May 12 13:16:36 2015) [sssd[be[default]]] [pam_print_data] (0x0100): authtok type: 0 (Tue May 12 13:16:36 2015) [sssd[be[default]]] [pam_print_data] (0x0100): newauthtok type: 0 (Tue May 12 13:16:36 2015) [sssd[be[default]]] [pam_print_data] (0x0100): priv: 0 (Tue May 12 13:16:36 2015) [sssd[be[default]]] [pam_print_data] (0x0100): cli_pid: 5921 (Tue May 12 13:16:36 2015) [...

...e[default]]] [pam_print_data] (0x0100): tty: ssh (Tue May 12 10:35:36 2015) [sssd[be[default]]] [pam_print_data] (0x0100): ruser: (Tue May 12 10:35:36 2015) [sssd[be[default]]] [pam_print_data] (0x0100): rhost: 10.1.10.41 (Tue May 12 10:35:36 2015) [sssd[be[default]]] [pam_print_data] (0x0100): authtok type: 0 (Tue May 12 10:35:36 2015) [sssd[be[default]]] [pam_print_data] (0x0100): newauthtok type: 0 (Tue May 12 10:35:36 2015) [sssd[be[default]]] [pam_print_data] (0x0100): priv: 1 (Tue May 12 10:35:36 2015) [sssd[be[default]]] [pam_print_data] (0x0100): cli_pid: 7871 (Tue May 12 10:35:36 2015...

...trying to get poppassd (1.8.4 - current) to work with the pam_winbind.so module with very limited success the last couple of days. So I started digging into the actual source of the winbind module and the source for the poppassd daemon. I thought it might be the way the PAM module was dealing with AUTHTOK and OLDAUTHTOK, but I think I finally nailed it down. It seems that the poppassd's PAM conversation function is somewhat lacking. I've compared it to the way the standard linux 'passwd' utility does it and it's completely borked. (It's doing the auth part and not letting t...

...ng, like with Linux console login. I've tried to make an patch, but it doesn't work. Ideas? --- auth-pam.c.org Wed Oct 11 18:03:43 2000 +++ auth-pam.c Wed Oct 11 18:03:44 2000 @@ -36,9 +36,6 @@ RCSID("$Id: auth-pam.c,v 1.12 2000/08/29 22:57:50 djm Exp $"); -#define NEW_AUTHTOK_MSG \ - "Warning: You password has expired, please change it now" - /* Callbacks */ static int pamconv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr); @@ -175,11 +172,17 @@ pam_retval = pam_acct_mgmt((pam_handle_t *)...

...|jengelh at gmx.de --- Comment #33 from Jan Engelhardt <jengelh at gmx.de> 2008-04-12 16:10:34 --- To comment #20: Modules do not seem to be able to do converse (in 5.0p1). pam_mount for example is affected by this (ideally it would just grab the authtoken from the auth stage but sadly enough openssh destroys the pam context and instead starts a new one for session stage). -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watchi...

...gt; (0x0100): tty: ssh > (Tue May 12 10:35:36 2015) [sssd[be[default]]] [pam_print_data] > (0x0100): ruser: > (Tue May 12 10:35:36 2015) [sssd[be[default]]] [pam_print_data] > (0x0100): rhost: 10.1.10.41 > (Tue May 12 10:35:36 2015) [sssd[be[default]]] [pam_print_data] > (0x0100): authtok type: 0 > (Tue May 12 10:35:36 2015) [sssd[be[default]]] [pam_print_data] > (0x0100): newauthtok type: 0 > (Tue May 12 10:35:36 2015) [sssd[be[default]]] [pam_print_data] > (0x0100): priv: 1 > (Tue May 12 10:35:36 2015) [sssd[be[default]]] [pam_print_data] > (0x0100): cli_pid: 787...

...: real uid/gid=0:502, effective u id/gid=0:502 Jul 9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(mount.c:854) waiting for mount Jul 9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(pam_mount.c:480) mount of peter failed Jul 9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(pam_mount.c:123) clean system authtok (0) Jul 9 13:03:26 feisty-s86-1 gdm[7393]: pam_mount(misc.c:264) command: /usr/sbin/pmvarrun [-u] [peter] [-o] [1] Jul 9 13:03:27 feisty-s86-1 gdm[7411]: pam_mount(misc.c:341) set_myuid(pre): real uid/gid=0:502, effective uid/gid=0:502 Jul 9 13:03:27 feisty-s86-1 gdm[7411]: pam_mount(misc.c:37...

...72 0 254372 0% /lib/init/rw udev 10240 52 10188 1% /dev tmpfs 254372 0 254372 0% /dev/shm //192.168.9.15/dobetko 117206592 101382352 15824240 87% /home/dobetko pam_mount(pam_mount.c:123) clean system authtok (0) pam_mount(misc.c:264) command: /usr/sbin/pmvarrun [-u] [dobetko] [-o] [1] pam_mount(misc.c:341) set_myuid(pre): real uid/gid=0:10003, effective uid/gid=0:10003 pam_mount(misc.c:376) set_myuid(post): real uid/gid=0:10003, effective uid/gid=0:10003 pam_mount(pam_mount.c:360) pmvarrun says login c...

All, The SAMBA version 3.0.21b expired password pam_winbind.so section perhaps might still have an issue. It seems to just be in some kind of loop and never completes the section in pam_winbind.c of pam_sm_chauthtok. See ssh (Solaris 4.2.p1 ssh) sequence below: ssh hermione Password: Changing password for leeraym (current) NT password: Re-enter new Password: Password: Password: tail -f /var/log/authlog: Feb 1 14:53:29 hermione pam_winbind[1153]: [ID 467601 auth.error] request failed: Must chan...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi OpenSSH'ers, I am emailing you to ask is it possible to record failed passwords attempts and log them to syslog? Are there patches available for this? Has anyone managed to do this before? Are there alternitive methods? Many Thanks, A - -- Alan Neville, Postgraduate Education Officer, DCU Students' Union 2009/2010, BS.c Computer

Hello, I've been trying to get Ubuntu 18.04 to work with Samba AD, seems I am almost there but am unable to get home directories to mount properly.  The domain join went without a problem but because the default cifs ver changed in Ubuntu to get other Samba shares on a samba file server to mount I had to add to it's smb.conf: client min protocol = SMB2 client min protocol = SMB3 So

...: [ID 384020 auth.debug] PAM[27977]: pam_set_item(7f6e8:conv) Nov 9 10:00:07 sshserver sshd[27977]: [ID 225850 auth.debug] PAM[27977]: pam_authenticate(7f6e8, 1) Nov 9 10:00:07 sshserver sshd[27977]: [ID 348363 auth.debug] PAM[27977]: load_modules(7f6e8, pam_sm_authenticate)=/usr/lib/security/pam_authtok_get.so.1 Nov 9 10:00:07 sshserver sshd[27977]: [ID 258498 auth.debug] PAM[27977]: load_function: successful load of pam_sm_authenticate Nov 9 10:00:07 sshserver sshd[27977]: [ID 348363 auth.debug] PAM[27977]: load_modules(7f6e8, pam_sm_authenticate)=/usr/lib/security/pam_dhkeys.so.1 Nov 9 10:00:...

...ghtdm[823]: Error writing X authority: />/Failed to open X authority /mnt/home/rachelj/.Xauthority: Permission />/denied Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (pam_mount.c:116): />/Clean global config (0) />/Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (pam_mount.c:133): clean />/system authtok=0x1a22910 (0) />/Jun 20 10:29:36 CY-MKT-10 acpid: client 880[0:0] has disconnected />/Jun 20 10:29:36 CY-MKT-10 acpid: client connected from 1463[0:0] />/Jun 20 10:29:36 CY-MKT-10 acpid: 1 client rule loaded />/Jun 20 10:29:36 CY-MKT-10 kernel: [   97.169343] Status code returned />/...

...ghtdm[823]: Error writing X authority: />/Failed to open X authority /mnt/home/rachelj/.Xauthority: Permission />/denied Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (pam_mount.c:116): />/Clean global config (0) />/Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (pam_mount.c:133): clean />/system authtok=0x1a22910 (0) />/Jun 20 10:29:36 CY-MKT-10 acpid: client 880[0:0] has disconnected />/Jun 20 10:29:36 CY-MKT-10 acpid: client connected from 1463[0:0] />/Jun 20 10:29:36 CY-MKT-10 acpid: 1 client rule loaded />/Jun 20 10:29:36 CY-MKT-10 kernel: [   97.169343] Status code returned />/...

...ghtdm[823]: Error writing X authority: />/Failed to open X authority /mnt/home/rachelj/.Xauthority: Permission />/denied Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (pam_mount.c:116): />/Clean global config (0) />/Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (pam_mount.c:133): clean />/system authtok=0x1a22910 (0) />/Jun 20 10:29:36 CY-MKT-10 acpid: client 880[0:0] has disconnected />/Jun 20 10:29:36 CY-MKT-10 acpid: client connected from 1463[0:0] />/Jun 20 10:29:36 CY-MKT-10 acpid: 1 client rule loaded />/Jun 20 10:29:36 CY-MKT-10 kernel: [   97.169343] Status code returned />/...

...un 20 10:29:35 CY-MKT-10 lightdm[823]: Error writing X authority: Failed to open X authority /mnt/home/rachelj/.Xauthority: Permission denied Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (pam_mount.c:116): Clean global config (0) Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (pam_mount.c:133): clean system authtok=0x1a22910 (0) Jun 20 10:29:36 CY-MKT-10 acpid: client 880[0:0] has disconnected Jun 20 10:29:36 CY-MKT-10 acpid: client connected from 1463[0:0] Jun 20 10:29:36 CY-MKT-10 acpid: 1 client rule loaded Jun 20 10:29:36 CY-MKT-10 kernel: [   97.169343] Status code returned 0xc000006d STATUS_LOGON_FAILU...