search for: dleonard

.../vsnprintf) Product: Portable OpenSSH Version: -current Platform: HPPA OS/Version: HP-UX Status: NEW Severity: major Priority: P2 Component: Build system AssignedTo: bitbucket at mindrot.org ReportedBy: dleonard at vintela.com The autoconf.ac test for a broken vsnprintf sets BROKEN_SNPRINTF instead of BROKEN_VSNPRINTF. This causes breakage on HP-UX 11.00, because the (otherwise usable) snprintf prototype in stdio.h doesn't agree with the replacement provided by OpenSSH. Output from openssh-SNAP-200...

...pcred() stomps on PAM Product: Portable OpenSSH Version: 3.9p1 Platform: All OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: dleonard at vintela.com The early call to setpcred() in do_setusercontext() seems to drop the euid to the user's uid on AIX5.1. This stops the future call to initgroups() from working if setpcred() doesn't get the supplementary group list right. Which it doesn't with PAM. The symptoms are a &...

...e error with GSSAPI names Product: Portable OpenSSH Version: 4.1p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy: dleonard at vintela.com ssh_gssapi_import_name() passes a string through a GSSAPI buffer that is one byte too long. This seems to occasionally cause problems, like spurious garbage characters appearing at the end of realms. ------- Additional Comments From dleonard at vintela.com 2005-08-08 23:33 ------...

...n ssh_config Product: Portable OpenSSH Version: 4.3p2 Platform: Other OS/Version: All Status: NEW Severity: trivial Priority: P2 Component: Miscellaneous AssignedTo: bitbucket at mindrot.org ReportedBy: dleonard at vintela.com a minor nit-pick; a comment in the sample ssh_config mispells GSSAPIDelegateCredentials as DelegatCredentials ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...AIX authenticate Product: Portable OpenSSH Version: 4.3p2 Platform: Other OS/Version: AIX Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: dleonard at vintela.com keyboard-interactive is currently only supported for PAM. AIX's authenticate() function is only used by the 'none' and 'password' methods and is pretty horrid (see bug 908). This is an enhancement bug to provide a kbd-int device for AIX authentication. ---...

...alled with dropped privs Product: Portable OpenSSH Version: 4.4p1 Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: dleonard at vintela.com pam_open_session() is being called with euid/uid set to the authenticated user (instead of root) It seems that do_setusercontext() calls setpcred() early, but setpcred() has the effect of setting uid/euid to the authenticated user. This can't be undone, and the subsequent call...

...;which' Product: Portable OpenSSH Version: v4.5p1 Platform: Other OS/Version: Linux Status: NEW Severity: minor Priority: P2 Component: Miscellaneous AssignedTo: bitbucket at mindrot.org ReportedBy: dleonard at vintela.com contrib/findssl.sh is very handy, but assumes that 'which' is always available, which it isn't. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...re many users Product: Portable OpenSSH Version: 4.0p1 Platform: All OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-bugs at mindrot.org ReportedBy: dleonard at vintela.com The post-install script of the AIX install uses something like 'lsusers ALL | grep ssh' to see if the privsep user has been created. The trouble is that invoking 'lsusers ALL' takes TWO HOURS to complete at a particular site with thousands of users! The simple fix...

http://bugzilla.mindrot.org/show_bug.cgi?id=1028 dleonard at vintela.com changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|sshd does not forward non- |sshd does not forward final |query conversations to |non-query conver...

http://bugzilla.mindrot.org/show_bug.cgi?id=1008 ------- Additional Comments From dleonard at vintela.com 2005-06-08 22:16 ------- a workaround at http://blog.macnews.de/unspecific/stories/4581/ ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1028 ------- Additional Comments From dtucker at zip.com.au 2005-07-14 13:57 ------- Does the attached patch fix the issue you're seeing? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...handle empty usernames Product: Portable OpenSSH Version: 4.2p1 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: dleonard at vintela.com A feature of gssapi-with-mic authentication is that the username can be empty as the server should be able to figure out what username to use from the established credentials. 3.2 [...] "The user name may be an empty string if it can be deduced from the results of the G...

...d-helper(8) Product: Portable OpenSSH Version: v4.5p1 Platform: Other OS/Version: All Status: NEW Severity: trivial Priority: P2 Component: Documentation AssignedTo: bitbucket at mindrot.org ReportedBy: dleonard at vintela.com The -h option is not itemizd .Fl h Display a summary of options. The ".Fl h" needs to become ".It Fl h" Also, the word "Random" after .Nd should be all lowercase to be consistent with the other manual pages. ------- You are receiving this ma...

...hen rlogin=false Product: Portable OpenSSH Version: v4.5p1 Platform: Other OS/Version: AIX Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: dleonard at vintela.com I was looking at the "OpenSSH on AIX" project patches on sourceforge, and was interested to see this issue: On AIX, you can set 'rlogin=false' on particular users and deny them remote shell access. OpenSSH supports that. However, sftp is still a desirable service...