search for: chauthtok

...d=0) sshd[12346]: pam_winbind(sshd:setcred): [pamh: 0x12345678] ENTER: pam_sm_setcred (flags: 0x0008) sshd[12346]: pam_winbind(sshd:setcred): PAM_REINITIALIZE_CRED not implemented sshd[12346]: pam_winbind(sshd:setcred): [pamh: 0x12345678] LEAVE: pam_sm_setcred returning 0 passwd: pam_winbind(passwd:chauthtok): [pamh: 0x09fc4b10] ENTER: pam_sm_chauthtok (flags: 0x4000) passwd: pam_winbind(passwd:chauthtok): username [user2] obtained passwd: pam_winbind(passwd:chauthtok): user 'user2' OK passwd: pam_winbind(passwd:chauthtok): getting password (0x00000021) passwd: pam_winbind(passwd:chauthtok): re...

...new NT password: passwd: User not known to the underlying authentication module passwd: password unchanged ============ And the following gets printed to /var/log/auth.log:<http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO> ============ Apr 28 03:27:33 samba passwd[3394]: pam_winbind(passwd:chauthtok): [pamh: 0x2547c60] ENTER: pam_sm_chauthtok (flags: 0x4000) Apr 28 03:27:33 samba passwd[3394]: pam_winbind(passwd:chauthtok): username [VGASMB\dirbaio] obtained Apr 28 03:27:33 samba passwd[3394]: pam_winbind(passwd:chauthtok): getting password (0x00000021) Apr 28 03:27:36 samba passwd[3394]: pam_...

Hello All. Attached is an update to my previous patch to make do_pam_chauthtok and privsep play nicely together. First, a question: does anybody care about these or the password expiration patches? Anyway, the "PRIVSEP(do_pam_hauthtok())" has been moved to just after the pty has been allocated but before it's made the controlling tty. This allows the child...

Without giving a solution, I want to mention the following problem: Not only changing expired passwords when privilege separation is enabled in combination with PAM is not working (although the current patches seem to solve this one). Also some PAM session modules do not work the way they are supposed to. For instance, the pam_lastlog module. This module gets and updates the last successful

Hi All. Today a patch was commited to OpenSSH that performs PAM password changes via SSH2 keyboard-interactive authentication. I should work fine with privsep, which some of the other solutions have problems with. While the patch itself is relatively small, it's bigger than it should have been due to differences in PAM implementations. I encourage anyone with a interest in this to try

...(flags: 0x0002) Jun 24 15:29:58 history-20 sshd[4660]: pam_winbind(sshd:setcred): PAM_ESTABLISH_CRED not implemented Jun 24 15:29:58 history-20 sshd[4660]: pam_winbind(sshd:setcred): [pamh: 0x1f06f48] LEAVE: pam_sm_setcred returning 0 (PAM_SUCCESS) Jun 24 15:29:58 history-20 passwd: pam_unix(passwd:chauthtok): user "cmthielen" does not exist in /etc/passwd Jun 24 15:29:58 history-20 passwd: pam_winbind(passwd:chauthtok): getting password (0x00000020) Jun 24 15:30:01 history-20 passwd: pam_winbind(passwd:chauthtok): user 'cmthielen' granted access Jun 24 15:30:05 history-20 passwd: pam...

Hi All. Attached is another patch that attempts to do pam_chauthtok() via SSH2 keyboard-interactive authentication. It now passes the results from the authentication thread back to the monitor (based on a suggestion from djm). Because of this, it doesn't call do_pam_account twice and consequently now works on AIX 5.2, which the previous version didn't....

...(flags: 0x0002) Jun 24 15:29:58 history-20 sshd[4660]: pam_winbind(sshd:setcred): PAM_ESTABLISH_CRED not implemented Jun 24 15:29:58 history-20 sshd[4660]: pam_winbind(sshd:setcred): [pamh: 0x1f06f48] LEAVE: pam_sm_setcred returning 0 (PAM_SUCCESS) Jun 24 15:29:58 history-20 passwd: pam_unix(passwd:chauthtok): user "cmthielen" does not exist in /etc/passwd Jun 24 15:29:58 history-20 passwd: pam_winbind(passwd:chauthtok): getting password (0x00000020) Jun 24 15:30:01 history-20 passwd: pam_winbind(passwd:chauthtok): user 'cmthielen' granted access Jun 24 15:30:05 history-20 passwd: pam...

Thanks a lot. I will check it. We do not use kerberos - is it necessary ? Bye, Peer On 03.01.2018 15:15, L.P.H. van Belle via samba wrote: > Hi Peer, > > This is my output, this account testaccount1 was created 2 minutes ago before the tests below. > > passwd testaccount1 > Current Kerberos password: > Enter new Kerberos password: > Retype new Kerberos password: >

http://bugzilla.mindrot.org/show_bug.cgi?id=423 ------- Additional Comments From djm at mindrot.org 2003-03-10 12:06 ------- The patch looks good, but the only thing that makes me wary is the use of signals for IPC. Would it not be possible to do the chauthtok call earlier? E.g. after the call to do_pam_session() in do_exec_pty()? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...tication is fine, however, it is not possible for the user to change the password from the server. Is there a way to make it work ? [Guilherme at server ~]$ passwd Changing password for user Guilherme. passwd: Authentication token manipulation error Oct 8 14:37:53 server passwd: pam_unix(passwd:chauthtok): user "Guilherme" does not exist in /etc/passwd

...ee below), but I cannot add any new users. The server is Ubuntu 9.10 running Samba 3.4.0. I am using: security = user pam password change = yes Updating passwords for existing users using passwd successfully updates on smbpass (auth.log): Jul 13 21:19:05 server passwd[3026]: pam_smbpass(passwd:chauthtok): password for (smbuser/1001) changed by (root/0) ...And authentication over smb works (auth.log): Jul 13 21:42:53 server smbd[3684]: pam_unix(samba:session): session opened for user ben by (uid=0) ...In samba.log: [2011/07/13 21:42:53, 4] auth/auth_sam.c:137(sam_account_ok) sam_account_ok:...

...is connected and told the password has expired and is asked to change it. The user is prompted for the old password, this is then entered (without echoing, - the RP_ALLOW_STDIN code change has been applied) as soon as carriage-return is hit the used it disconnected. The error appears to be with the chauthtok function call. Building the same code functions correctly on Solaris 8. I have had to return the box to work (albeit with a non expiry changing Openssh) so will take a little while if I have to get hold of lots of debug logs. Am hoping that someone has already seen this? (fingers crossed ;-) Mart...

...r but when I type passwd new_user this is the result: [root at vps ~]# passwd new_user Changing password for user new_user New password: Retype new password: passwd: Authentication token manipulation error [root at vps ~]# tail /var/log/secure Sep 27 17:30:30 vps passwd: pam_cracklib(passwd:chauthtok): pam_get_authtok_verify returned error: Failed preliminary check by password service but I have no clue what the check I've failed is, or if it's a console problem (locales, weird control characters) or maybe a selinux thing? For the record, if I enter a weak password on purpose, e.g. &q...

...pam_init_ctx is never called, so force_pwchange isn't properly initialized i'll attach a workaround patch, but not without serious misgivings about how crappy it is, so it won't hurt my feelings if you come up with a much better fix all in all, though, 3.8p1 does password-changing and chauthtok-ing much better than it's predecessor, so thanks again for the great work --buck ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...the password from the server. >> >> Is there a way to make it work ? >> >> [Guilherme at server ~]$ passwd >> Changing password for user Guilherme. >> passwd: Authentication token manipulation error >> >> Oct 8 14:37:53 server passwd: pam_unix(passwd:chauthtok): user >> "Guilherme" >> does not exist in /etc/passwd >> > > What sort of Linux server? > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >

Hi, The Solaris password requirements like a. no empty password b. minimum 6 chars etc for a regualr user are not enforced when a password expired user is changing password at the SSH login prompt. The version of openSSH I am using is 3.8.1 and Solaris 8 is where the sshd is running. Is anybody aware of this problem? Is there some configuration option I can use to enforce these password

...'emartel' granted access May 1 10:27:25 poste161-186 su: pam_winbind(su:account): pam_sm_acct_mgmt success but PAM_WINBIND_NEW_AUTHTOK_REQD is set May 1 10:27:25 poste161-186 su: pam_winbind(su:account): user 'emartel' needs new password May 1 10:27:27 poste161-186 su: pam_tcb(su:chauthtok): Credentials for user emartel unknown So access is granted, but for whatever reason the user (any user) is informed by the console that his password has expired and he needs to change it. If he tries to change it at the console as proposed, not only he still doesn't get access but the passwor...

...d the password has expired and is > asked to change it. The user is prompted for the old password, this is then > entered (without echoing, - the RP_ALLOW_STDIN code change has been applied) > as soon as carriage-return is hit the used it disconnected. > The error appears to be with the chauthtok function call. Does sshd dump core? What's the stack trace? That'd help a lot - knowing what the calling routine was (before it got into PAM-land)... > Building the same code functions correctly on Solaris 8. > I have had to return the box to work (albeit with a non expiry changin...

...th a Windows Sever 2008 R2 DC, but running AD 2003 native. The client box is an LTSP box, and I'm able to ssh in with AD accounts. However, when I type passwd I get the error message "passwd: Authentication token manipulation error". In the auth.log file I get "pam_unix(passwd:chauthtok): user "kmasters" does not exist in /etc/passwd". Is it possible my Samba version is too old? common-auth: auth sufficient pam_krb5.so auth required pam_unix.so nullok_secure use_first_pass common-account: account sufficient pam_winbind.so account...