search for: fcusack

...f host key mismatch Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: openssh-bugs at mindrot.org ReportedBy: fcusack at fcusack.com currently, password auth is disabled if the host key mismatches. kbdint auth should probably also be disabled. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...mary: PAM fixes Product: Portable OpenSSH Version: 3.6.1p2 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P3 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: fcusack at fcusack.com - start PAM with correct username - don't call pam_authenticate() for null password checking when not necessary - set pam_flags correctly for kbdint pam_authenticate() calls - improve logging ------- You are receiving this mail because: ------- You are the assignee for the...

http://bugzilla.mindrot.org/show_bug.cgi?id=117 ------- Additional Comments From fcusack at fcusack.com 2002-04-16 23:27 ------- sshd should definitely not be using 'NOUSER'. The correct thing is to use the username, regardless of whether (pw) exists. I can't understand why you would substitute the value 'NOUSER'. ------- You are receiving this mail because: -...

...ation' option. Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: fcusack at fcusack.com On the client, I might typically have NumberOfPasswordPrompts 1 and attempt both password and keyboard-interactive authentication. If the server allows both types of auth, I get 2 password prompts (assuming I get the first one wrong). The proposed server option KbdintXORPasswo...

I'm unable to get dovecot-lda with sieve filtering to deliver into maildir folders. The examples on the wiki explicitly say "mbox", so I'm wondering, does the dovecot-lda sieve implementation not support filtering into maildir folders? -frank

http://bugzilla.mindrot.org/show_bug.cgi?id=1188 Summary: keyboard-interactive should not allow retry after pam_acct_mgmt fails Product: Portable OpenSSH Version: -current Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: PAM support

I know this is slightly OT but folks discuss zfs compatible hardware here all the time. :) Has anyone used something like this combination? <http://www.cdw.com/shop/products/default.aspx?EDC=1346664> <http://www.cdw.com/shop/products/default.aspx?EDC=1854700> It''d be nice to have externally accessible CF slots for my NAS. I can''t put them into a drive bay because

I just added auth caching with pam, and I'm getting this error: dovecot: [ID 107833 mail.error] auth(default): file passdb.c: line 178 (passdb_init): assertion failed: (passdb->passdb->default_pass_scheme != NULL || passdb->passdb->cache_key == NULL) A google search turns up <http://www.dovecot.org/list/dovecot-cvs/2005-March/004117.html> which looks approx like this

What are people doing to affect the sort order of mailboxes in outlook? Apple Mail and MS Outlook similarly suck in that they do not sort '~' correctly -- mailboxes starting with '~' are first instead of last. At least I think this is the fault of the client, since Mulberry sorts correctly. At least with Apple Mail I can drag and drop mailboxes into any display order I like, so

...documented Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: minor Priority: P2 Component: Documentation AssignedTo: openssh-bugs at mindrot.org ReportedBy: fcusack at fcusack.com ssh-keysign(8) talks about this option, but ssh_config(5) doesn't mention it. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=582 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX ------- Comment #2 from djm at mindrot.org 2005-11-06 03:46 -------

http://bugzilla.mindrot.org/show_bug.cgi?id=1120 Summary: sftp deletes files if destination==source and client==server Product: Portable OpenSSH Version: 3.9p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: critical Priority: P2 Component: sftp AssignedTo: bitbucket at

http://bugzilla.mindrot.org/show_bug.cgi?id=188 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX ------- Additional Comments From djm at mindrot.org 2003-05-14 22:32

It's sometimes desired to be able to alter login policy depending upon how the person was connecting for the ssh server. For example you might want different rules on the internal and external interface of a gateway. In another setup you might want an sshd with a different login policy running on a different port - and setup different firewalling rules (for example). I have implemented such

I am connecting to smbd over a vpn connnection. After tunnelled traffic comes out of the vpn it hits firewall rules. Per <http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-samba.html#firewallports> I am allowing 135/TCP 137/UDP 138/UDP 139/TCP 445/TCP through the firewall. With this configuration, mounting an smb share from win XP home SP2 takes 2 or 2.5

Can shared/public namespaces' prefixes have a common prefix? :) namespace public { separator = / prefix = zz/shared/ location = maildir:/var/maildir/shared:INDEX=/var/maildir/%n/shared subscriptions = no } # to share other employees mailboxes (term'd or admin access) namespace shared { separator = / prefix = zz/shared/%%u/ location =

Hi ! Sorry to bring back the infamous "NOUSER" in the conversation but I didn't get the workaround on that problem. Firstly, I'm using : - openssh-3.1p1-15 which is the version which comes by default with my Red Hat Linux Advanced Server release 2.1AS. - I'm using PAM, set up to use radius. Please find below the /etc/pam.d/sshd file : #%PAM-1.0 auth

http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz.sig This is mainly to fix the 0777 base_dir creation issue, which could be considered a security hole, exploitable by local users. An attacker could for example replace Dovecot's auth socket and log in as other users. Gaining root privileges isn't possible though. This affects only

http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz.sig This is mainly to fix the 0777 base_dir creation issue, which could be considered a security hole, exploitable by local users. An attacker could for example replace Dovecot's auth socket and log in as other users. Gaining root privileges isn't possible though. This affects only

maybe this is a silly question ;-) But why is it possible to login on a machine with a locked account (passwd -l ) via pubkey-authentication (authorized_keys) ? I use OpenSSH3.01p1on Solaris8 with PAM support so I thought this should not happen. If this is the normal behaviour and built in intentionally what would be the easiest way to lock an account without deleting the users authorized_keys ?