search for: do_pam_putenv

...changed, 5 insertions(+) diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c index 795992d9..a12bb244 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c @@ -106,6 +106,11 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name) } else retval = 0; +#ifdef USE_PAM + if (options.use_pam) + do_pam_putenv("KRB5PRINCIPAL", (char *)client->displayname.value); +#endif + krb5_free_principal(krb_context, princ); return retval; } -- 2.11.0

...m investigating if it is possible for a PAM module to find out which public key was accepted (when 'AuthenticationMethods publickey,keyboard-interactive' is used). From my digging in the source, it seems it is currently not. Would it be possible to provide this information? Maybe using do_pam_putenv()? Would there be any security implications of doing this? The reason I'm asking is that I'm looking into using 2FA (i.e. pubkey + pam_google_authenticator) for *some* of my SSH keys. For example, a SSH privkey on my trusted box can login without verification code, but another SSH privk...

Hi All. Markus has commited the long-awaited GSSAPI patch to OpenBSD's ssh. There are patches. The first [1] is a straightforward port of the OpenBSD code to Portable. The second [2] contains the parts I've stolen from Simon Wilkinson's portable GSSAPI patch in an attempt to make it build. It is incomplete and doesn't currently work. The PAM support is not there and

https://bugzilla.mindrot.org/show_bug.cgi?id=983 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1930 --- Comment #34 from Damien Miller <djm at mindrot.org> 2011-09-06 10:34:24 EST --- Retarget unresolved

Hi All. OpenSSH is getting ready for a release soon, so we are asking for all interested parties to test a snapshot. Changes include: * sshd will now re-exec itself for each new connection (the "-e" option is required when running sshd in debug mode). * PAM password authentication has been (re)added. * Interface improvements to sftp(1) * Many bug fixes and improvements, for

...>>index 795992d9..a12bb244 100644 >>--- a/gss-serv-krb5.c >>+++ b/gss-serv-krb5.c >>@@ -106,6 +106,11 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name) >> } else >> retval = 0; >>+#ifdef USE_PAM >>+ if (options.use_pam) >>+ do_pam_putenv("KRB5PRINCIPAL", (char *)client->displayname.value); >>+#endif >>+ >> krb5_free_principal(krb_context, princ); >> return retval; >> } >Hello, > >this change request is already tracked as a bug #2063 [1] (with the >related configuration op...

...https://theos.kyriasis.com/~kyrias/ -------------- next part -------------- --- gss-serv-krb5.c.orig 2012-07-12 14:33:31.117551679 +0200 +++ gss-serv-krb5.c 2012-07-12 14:34:30.319020970 +0200 @@ -104,6 +104,11 @@ } else retval = 0; +#ifdef USE_PAM + if (options.use_pam) + do_pam_putenv("GSS_AUTH_KRB5_PRINC", (char *)client->displayname.value); +#endif + krb5_free_principal(krb_context, princ); return retval; } -------------- next part -------------- A non-text attachment was scrubbed... Name: pubkey_fingerprint.patch Type: text/x-diff Size: 361 bytes Desc: not a...

...Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot.org ReportedBy: deengert at anl.gov The gss-serv-krb5.c will call do_pam_putenv to set the KRB5CCNAME so it can be used by a PAM routine. But the call to ssh_gssapi_storecreds is called from do_exec which is way to late to be usable by do_pam_session or do_pam_setcred. Suggestion is to move the call. ------- You are receiving this mail because: ------- You are the assigne...

Dear OpenSSH Developers, I would like to propose a patch to OpenSSH for Linux. In the recent few months, I have encountered a scenario where a PAM module used for authentication in SSH should be informed about the previous successful authentication methods. I described the complete scenario here: