search for: get_challeng

...k != 0; } -#else +#else /* BSD_AUTH */ #ifdef SKEY #include <skey.h> @@ -88,6 +88,25 @@ skey_haskey(authctxt->pw->pw_name) == 0 && skey_passcheck(authctxt->pw->pw_name, response) != -1); } +#else /* SKEY */ +#ifdef OPIE +#include <opie.h> + +char * +get_challenge(Authctxt *authctxt, char *devs) +{ + static char challenge[OPIE_CHALLENGE_MAX+64]; + if (opiechallenge(&authctxt->opie_data, authxtxt->user, challenge) != 0) + return NULL; + strlcat(challenge, "\nOPIE Password: ", sizeof challenge); + return challenge; +} +int +verify_respons...

...f -> /etc/samba/smb.conf last mod_time: Sat Mar 8 15:34:20 2003 [2003/03/08 15:34:43, 6] param/loadparm.c:lp_file_list_changed(2318) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Sat Mar 8 15:34:20 2003 [2003/03/08 15:34:43, 10] smbd/negprot.c:get_challenge(40) get challenge: creating negprot_global_auth_context [2003/03/08 15:34:43, 5] auth/auth.c:make_auth_context_subsystem(406) Making default auth method list for security=user, encrypt passwords = yes [2003/03/08 15:34:43, 5] auth/auth.c:make_auth_context_text_list(340) Attempting to find an...

...f -> /etc/samba/smb.conf last mod_time: Mon Sep 27 13:13:42 2004 [2004/09/27 13:41:38, 6] param/loadparm.c:lp_file_list_changed(2668) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Sep 27 13:13:42 2004 [2004/09/27 13:41:38, 10] smbd/negprot.c:get_challenge(40) get challenge: creating negprot_global_auth_context [2004/09/27 13:41:38, 5] auth/auth.c:make_auth_context_subsystem(490) Making default auth method list for security=share, encrypt passwords = yes [2004/09/27 13:41:38, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth bac...

Here is a patch that does TIS auth via PAM. It's controlled by a switch in the sshd_config. You'd use it by having a PAM module that sets PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs. The patch is against the 2.9.9p2 distribution. I'm not on the list, a reply if this patch is accepted would be great. (But not required, I know some folks have a distaste for

nuqneH, I've tried using TIS authsrv authentication via bsd auth and found it quite limited. The most important restriction it does not log ip and fqdn of the remote peer, nor the application name, to the authentication server. It does not matter much for TIS authsrv, but since other applications do provide such information, our authsrv version uses it for extra authentication restrictions.

...num_deny_groups; + char **deny_groups; +}; + + /* * Keyboard interactive device: * init_ctx returns: non NULL upon success @@ -133,6 +147,7 @@ void auth2_challenge_stop(Authctxt *); int allowed_user(struct passwd *); +int auth_allowed_user(struct passwd *, Authaccess); char *get_challenge(Authctxt *); int verify_response(Authctxt *, const char *); Index: auth2.c =================================================================== RCS file: /cvs/openssh/auth2.c,v retrieving revision 1.91 diff -u -r1.91 auth2.c --- auth2.c 26 Feb 2002 18:09:43 -0000 1.91 +++ auth2.c 28 Mar 2002 16:44...

...uot;); if (options.challenge_response_authentication == 1) { +#ifdef USE_PAM + if (options.tis_via_pam == 1) { + authenticated = auth_pam_password(pw, "", + PAM_PROMPT_ECHO_ON); + break; + } else { +#else + { +#endif /* USE_PAM */ char *challenge = get_challenge(authctxt); if (challenge != NULL) { debug("sending challenge '%s'", challenge); @@ -279,6 +289,7 @@ packet_write_wait(); continue; } + } } break; case SSH_CMSG_AUTH_TIS_RESPONSE: diff -uNr openssh-3.0.2p1.orig/auth2.c openssh-3.0.2p1/a...

...#if defined(SKEY) && defined(TIS_AUTH) +#error "S/Key and TIS authentication is not supported at the same time" +#endif + +#ifdef TIS_AUTH + +#include "tisauth.h" +#include "servconf.h" +#include "xmalloc.h" + +extern ServerOptions options; + +char * +get_challenge(Authctxt *authctxt, char *devs) +{ + static char challenge[128]; + + if (!authctxt->tis) { + authctxt->tis = tis_connect_multi(options.authserv_addrs); + } + if (authctxt->tis) { + char *tis_chal; + + if (authctxt->pw) { + tis_chal = tis_authenticate(authctxt->tis, authctxt-&...

...30 15:54:53, 5] smbd/connection.c:claim_connection(170) claiming 0 [2007/01/30 15:54:53, 6] param/loadparm.c:lp_file_list_changed(3006) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jan 30 15:34:48 2007 [2007/01/30 15:54:53, 10] smbd/negprot.c:get_challenge(42) get challenge: creating negprot_global_auth_context [2007/01/30 15:54:53, 5] auth/auth.c:make_auth_context_subsystem(484) Making default auth method list for DC, security=user, encrypt passwords = yes [2007/01/30 15:54:53, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth...

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the