search for: bsdauth

...Environment is: Platform OpenBSD 3.9 Dovecot Version 1.0.rc7 Active Directory Windows 2003 The approach I've taken (being the only one I was able to make work) is to use login_ldap to perform bind authentication against Active Directory/LDAP and authenticate dovecot using bsdauth. As far as I can tell the dovecot ldap authentication module requires access to the encrypted password field to which Active Directory does not permit access. Simulated LDAP login fails and when debug is enabled writes the following to /var/log/maillog ==== /var/log/maillog ================ Oct 1...

...-no-nuls oe-ns-eoh lda: mail_plugins: cmusieve postmaster_address: postmaster at bla.com log_path: /var/log/dovecot-deliver-errors.log info_log_path: /var/log/dovecot-deliver.log auth default: mechanisms: login plain verbose: yes debug: yes debug_passwords: yes passdb: driver: bsdauth userdb: driver: static args: uid=vmail gid=vmail home=/var/www/datos/correo/bla.com/%n socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: _postfix group: _postfix master: path: /var/dovecot/auth-master mode:...

...ail externally. The user can read their email but has to "send" via the local ISP server.. The problem After much searching I have not found an answer to my question. I would like the user to authenticate to be able to "send" email "through" the server.. OpenBSD uses bsdauth by default in Dovecot. After reading the Postfix http://www.postfix.org/SASL_README.html and the Dovecot Wiki http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL I have tried multiple configurations but I can't seem to get this to work.. It may be something very simple that I am missing.. All...

hi i test bsdauth with cache_key=%u on OpenBSD and get this error Oct 8 10:04:11 pegasus dovecot: Dovecot v1.2.6 starting up Oct 8 10:04:12 pegasus dovecot: auth(default): Panic: file passdb.c: line 201 (passdb_init): assertion failed: (passdb->passdb->default_pass_scheme != NULL || passdb->passd b-&gt...

...from the terminal or if the * response mode is active from the caller program. ###################################### Solution 1: ###################################### This is a minimal fix that just whitelists variables starting with X_BSD_AUTH: Index: usr.bin/ssh/auth-bsdauth.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/auth-bsdauth.c,v retrieving revision 1.10 diff -u -r1.10 auth-bsdauth.c --- usr.bin/ssh/auth-bsdauth.c 3 Aug 2006 03:34:41 -0000 1.10 +++ usr.bin/ssh/auth-bsdauth.c 18 Sep 2006 09:32:20 -0000 @@ -24...

Hi, probably just nothing to worry about, but I get the following warnings when building 1.1.7 on OpenBSD 4.4 on i386. If I remove the --with-bsdauth config option, they all disappear. I won't use it anyway, but maybe there are others. $ dmesg OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008 deraadt at i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Xeon(R) CPU 3040 @ 1.86GHz ("GenuineIntel" 6...

I'm setting up dovecot in OpenBSD OS. The problem is that I can't set up dovecot to use kerberos authentication via bsdauth which is "similar to pam" I try to test dovecot via telnet: telnet localhost pop3 user test +OK pass password -ERR [IN-USE] Temporary authentication failure and some strings from logs Feb 3 15:02:37 srv-mx-00 dovecot: auth: Error: bsdauth(rodin.m,127.0.0.1): getpwnam() failed: Operation...

...oes the result of the script matter? No. >> Does that make sense as a usecase? :) >> >> Can it be done? >> >> I understand that it can can be done via PAM, but then PAM is not in >> all >> environments and everyone don't like PAM. > > PAM or bsdauth are the two obvious ways to do this. How would you do it using bsdauth? (PAM seems very redundant to install on OBSD.) > If you are always > using public-key authentication, you could possibly abuse > AuthorizedKeysCommand in sshd_config. As in key files. Could be partially interesting...

...x=/usr --sysconfdir=/etc/dovecot --localstatedir=/var --libexecdir=/usr/lib --with-moduledir=/usr/lib/dovecot/modules --with-zlib --with-sqlite --with-ssl=openssl --with-ssldir=/etc/ssl --with-gssapi --with-pam --with-bzlib --with-docs --without-mysql --without-vpopmail --without-sia --without-bsdauth --with-libcap --with-ioloop=epoll --with-storages=maildir,mbox,dbox,mdbox For the dbox build error, the log states: libdovecot-storage.so: undefined reference to `dbox_storage' Configure: http://pastie.org/1106301 - Make: http://pastie.org/private/qtt76kxomhmwqwii20oroq Configure: ./config...

...-nuls oe-ns-eoh lda: mail_plugins: sieve postmaster_address: postmaster at foobar.com.ar log_path: /var/log/dovecot-deliver-errors.log info_log_path: /var/log/dovecot-deliver.log auth default: mechanisms: login plain verbose: yes debug: yes debug_passwords: yes passdb: driver: bsdauth userdb: driver: static args: uid=vmail gid=vmail home=/var/www/datos/correo/foobar.com.ar/%n, allow_all_users=yes socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: _postfix group: _postfix master: path: /var/dove...

...configuration is like this: Install prefix . : /usr/local File offsets ... : 64bit I/O polling .... : poll I/O notifys .... : none SSL ............ : yes (OpenSSL) GSSAPI ......... : no passdbs ........ : static passwd passwd-file shadow pam checkpassword dcrypt ..........: yes : -bsdauth -sia -ldap -sql -vpopmail userdbs ........ : static prefetch passwd passwd-file checkpassword : -ldap -sql -vpopmail -nss SQL drivers .... : : -pgsql -mysql -sqlite -cassandra Full text search : squat : -lucene -solr Last version that I have co...

...which IIRC means (a subset of?) what libc has been compiled with, which can be a bit restrictive. So I'd like to use an external tool, which would also let me integrate other applications (eg web apps). PAM seems to be most suited to sharing accounts with the OS, which isn't what I want. BSDAuth likewise, but I'm not using BSD. CheckPassword looks like a somewhat convoluted protocol, but maybe the best bet? IMAP - well, that's circular :-) OAuth2 looks possible, but seems to be focused on http? Any suggestions? And recommended implementations? How hard is it to add extra metho...

...part -------------- diff -adurN openssh-3.7.1p2.privsep/Makefile.in openssh-3.7.1p2/Makefile.in --- openssh-3.7.1p2.privsep/Makefile.in Mon Sep 22 05:00:12 2003 +++ openssh-3.7.1p2/Makefile.in Sat Oct 4 22:38:24 2003 @@ -80,8 +80,7 @@ auth-chall.o auth2-chall.o groupaccess.o \ auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ auth2-none.o auth2-passwd.o auth2-pubkey.o \ - monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o \ - kexdhs.o kexgexs.o \ + @PRIVSEP_OBJS@ kexdhs.o kexgexs.o \ auth-krb5.o \ auth2-gss.o gss-serv.o gss-serv-krb5.o \ loginrec.o auth-pam.o auth-sia.o m...

...s ? location = ? mailbox Drafts { ??? special_use = \Drafts ? } ? mailbox Junk { ??? special_use = \Junk ? } ? mailbox Sent { ??? special_use = \Sent ? } ? mailbox "Sent Messages" { ??? special_use = \Sent ? } ? mailbox Trash { ??? special_use = \Trash ? } ? prefix = } passdb { ? driver = bsdauth } passdb { ? args = /etc/dovecot/dovecot.passwd ? driver = passwd-file } plugin { ? quota_grace = 10%% ? quota_rule = *:storage=2G ? quota_rule2 = Trash:storage=+200M ? quota_rule3 = SPAM:ignore ? quota_status_nouser = DUNNO ? quota_status_overquota = 552 5.2.2 Mailbox is full ? quota_status_succes...

I configure as follows: ./configure --with-zlib=/usr/local/include cc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o audit-bsm.o -L. -Lopenbsd-compat/ -L/...

On 2015-11-26 13:03, Darren Tucker wrote: > On Thu, Nov 26, 2015 at 3:41 PM, Tinker <tinkr at openmailbox.org> wrote: >> What I am looking for is an SSHD configuration where every >> successfully >> authenticated connection also guaranteedly will lead to a >> ForcedCommand >> invocation. > [...] >> Is this possible? > > I don't think

...llo, little problem compiling openssh 4.6p1 on irix using mipspro 7.4.x. c99 -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o audit-bsm.o platform.o -L. -Lopenbsd-compat...

...t_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags mail_debug = yes mail_location = maildir:/var/vmail/mydomain/%n mbox_write_locks = fcntl mmap_disable = yes namespace inbox { inbox = yes location = mailbox Spam { auto = subscribe } prefix = } passdb { driver = bsdauth } passdb { args = scheme=CRYPT username_format=%u /etc/dovecot/users driver = passwd-file } pop3_client_workarounds = outlook-no-nuls oe-ns-eoh protocols = imap lmtp service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 } } ssl_cert = </cert.pem ssl_key = &l...

...export CPPFLAGS export LDFLAGS CPPFLAGS=-I/usr/local/ssl/include LDFLAGS=-L/usr/local/ssl/lib ./configure \ --prefix=/usr \ --with-ssl=openssl \ --with-ssldir=/etc/ssl \ --sysconfdir=/etc \ --without-vpopmail \ --with-pam \ --without-bsdauth \ --without-sql \ --without-nss \ --without-ldap \ --without-pgsql \ --without-mysql \ --without-sqlite \ --with-rundir=/var/run/dovecot\ --without-deliver \ --without-gssapi Build error: libtool: compile: gcc -DHAV...

...15 at 4:49 PM, Tinker <tinkr at openmailbox.org> wrote: >> On 2015-11-26 13:33, Darren Tucker wrote: > [...] >>> What is the script going to do? > > You didn't answer this. Register the login to the group's login database. >> How would you do it using bsdauth? >> >> (PAM seems very redundant to install on OBSD.) > > You are using OpenBSD or something else? OpenBSD. > [...] >>> This sounds a bit like what authpf[1] does. I imagine you could >>> write >>> firewall rules to block outgoing tcp connection...