Displaying 9 results from an estimated 9 matches for "do_pam_putenv".
2017 Jan 04
2
[PATCH] Set KRB5PRINCIPAL in user environment
...changed, 5 insertions(+)
diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
index 795992d9..a12bb244 100644
--- a/gss-serv-krb5.c
+++ b/gss-serv-krb5.c
@@ -106,6 +106,11 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name)
} else
retval = 0;
+#ifdef USE_PAM
+ if (options.use_pam)
+ do_pam_putenv("KRB5PRINCIPAL", (char *)client->displayname.value);
+#endif
+
krb5_free_principal(krb_context, princ);
return retval;
}
--
2.11.0
2016 Feb 18
2
Let PAM know about accepted pubkey?
...m investigating if it is possible for a PAM module to find out which
public key was accepted (when 'AuthenticationMethods
publickey,keyboard-interactive' is used). From my digging in the source,
it seems it is currently not.
Would it be possible to provide this information? Maybe using
do_pam_putenv()? Would there be any security implications of doing this?
The reason I'm asking is that I'm looking into using 2FA (i.e. pubkey +
pam_google_authenticator) for *some* of my SSH keys. For example, a SSH
privkey on my trusted box can login without verification code, but
another SSH privk...
2003 Aug 22
1
GSSAPI patch sync from OpenBSD to Portable
Hi All.
Markus has commited the long-awaited GSSAPI patch to OpenBSD's ssh.
There are patches. The first [1] is a straightforward port of the
OpenBSD code to Portable.
The second [2] contains the parts I've stolen from Simon Wilkinson's
portable GSSAPI patch in an attempt to make it build. It is incomplete
and doesn't currently work.
The PAM support is not there and
2011 Sep 06
16
[Bug 983] Required authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=983
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1930
--- Comment #34 from Damien Miller <djm at mindrot.org> 2011-09-06 10:34:24 EST ---
Retarget unresolved
2004 Aug 12
14
Pending OpenSSH release, call for testing.
Hi All.
OpenSSH is getting ready for a release soon, so we are asking for all
interested parties to test a snapshot.
Changes include:
* sshd will now re-exec itself for each new connection (the "-e" option
is required when running sshd in debug mode).
* PAM password authentication has been (re)added.
* Interface improvements to sftp(1)
* Many bug fixes and improvements, for
2017 Jan 06
2
[PATCH] Set KRB5PRINCIPAL in user environment
...>>index 795992d9..a12bb244 100644
>>--- a/gss-serv-krb5.c
>>+++ b/gss-serv-krb5.c
>>@@ -106,6 +106,11 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name)
>> } else
>> retval = 0;
>>+#ifdef USE_PAM
>>+ if (options.use_pam)
>>+ do_pam_putenv("KRB5PRINCIPAL", (char *)client->displayname.value);
>>+#endif
>>+
>> krb5_free_principal(krb_context, princ);
>> return retval;
>> }
>Hello,
>
>this change request is already tracked as a bug #2063 [1] (with the
>related configuration op...
2014 Dec 28
2
pubkey fingerprint and krb princ name in environment
...https://theos.kyriasis.com/~kyrias/
-------------- next part --------------
--- gss-serv-krb5.c.orig 2012-07-12 14:33:31.117551679 +0200
+++ gss-serv-krb5.c 2012-07-12 14:34:30.319020970 +0200
@@ -104,6 +104,11 @@
} else
retval = 0;
+#ifdef USE_PAM
+ if (options.use_pam)
+ do_pam_putenv("GSS_AUTH_KRB5_PRINC", (char *)client->displayname.value);
+#endif
+
krb5_free_principal(krb_context, princ);
return retval;
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pubkey_fingerprint.patch
Type: text/x-diff
Size: 361 bytes
Desc: not a...
2004 Aug 23
8
[Bug 918] ssh_gssapi_storecreds called to late to be usable by PAM in sesion.c
...Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: deengert at anl.gov
The gss-serv-krb5.c will call do_pam_putenv to set the KRB5CCNAME
so it can be used by a PAM routine. But the call to ssh_gssapi_storecreds
is called from do_exec which is way to late to be usable by
do_pam_session or do_pam_setcred. Suggestion is to move the
call.
------- You are receiving this mail because: -------
You are the assigne...
2015 Jun 02
3
OpenSSH Linux portable patch proposal
Dear OpenSSH Developers,
I would like to propose a patch to OpenSSH for Linux. In the recent few
months, I have encountered a scenario where a PAM module used for
authentication in SSH should be informed about the previous successful
authentication methods. I described the complete scenario here: