search for: getspnam

...th current CVS portable OpenSSH non-PAM password authentication fails with the system running in trusted mode. This does get an issue, because apparently current code does not use PAM for plain old passord authentication. The reason for failure is that password hashes are not being looked up using getspnam, but rather from /etc/passwd even in trusted mode, because DISABLE_SHADOW is being defined by configure for all versions of HP-UX. Michael ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match)) AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt)) We could probably also add: AC_CHECK_FUNC(gethostent, , AC_CHECK_LIB(nsl, gethostent)) 2. Checks such as the following are wrong: AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen") Don't check if the function exists in the library. Check first if the function exists *without* the library and then with the library if need be (and, FYI, AC_CHECK_LIB(lib,func) will automatically add "-l[lib]" to $LIBS): AC_C...

...s all checks against -lgen after the dirname checks): RCS file: /cvsroot/upstream/openssh/configure.ac,v retrieving revision 1.1.1.10 diff -u -r1.1.1.10 configure.ac --- configure.ac 2003/04/29 09:12:08 1.1.1.10 +++ configure.ac 2003/05/09 03:00:53 @@ -410,9 +410,6 @@ fi fi -AC_CHECK_FUNC(getspnam, , - AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen")) - AC_ARG_WITH(rpath, [ --without-rpath Disable auto-added -R linker paths], [ @@ -622,7 +619,6 @@ ) AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP)) -AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAM...

...earch to find out this information if the documentation was written rather more clearly. So, to help others, I suggest changing the following lines in dovecot.conf # Where password database is kept: # passwd: /etc/passwd or similiar, using getpwnam() # shadow: /etc/shadow or similiar, using getspnam() # pam [<service> | *]: PAM authentication to: # Where password database is kept: # passwd: /etc/passwd or similiar, using getpwnam() # shadow: /etc/shadow or similiar, using getspnam() # pam [<service> | *]: /etc/shadow or similiar, using PAM authentication Updating the do...

...wed and non-shadowed passwords. I reported a same type of error to Mr. Miller when openssh-1.2.1pre23 was released. On our systems, our local machines have shadowed /etc/passwd (and /etc/shadow) and our NIS server distributes non-shadowed password of general users. We have to use getspnam(3) for shadowed local users' ( for example, "root") entries and getpwnam(3) for non-shadowed users' entries. Otherwise, the function "allowed_user" in auth.c of openssh-2.1.1p2 has the following lines: 59 #if defined(HAVE_SHADOW_H) && !defined(DISABL...

configure.in patches for 2.9.9p2: 1. Allow --with-pcre to take a path specifying the root of the PCRE install (ROOT/include, ROOT/lib) 2. Ditto for --with-zlib 3. $no_libnsl and $no_libsocket can be determined programmatically 4. Check for innetgr, getspnam, and util in the default $LIBS before checking in -lrpc, -lgen, and -lutil, respectively 5. dirname() is in -lgen on some systems (Solaris 2.5.1, IRIX) -- albert chin (china at thewrittenword.com) -- snip snip --- configure.in.orig Thu Sep 27 01:16:56 2001 +++ configure.in Thu Sep 27 10:1...

...ginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o -L. -Lopenbsd-compat/ -L/usr/local/lib -L/usr/local/ssl/lib -L/usr/local/ssl/lib -lssh -lopenbsd-compat -lz -lsocket -lnsl -lgen -lcrypto Undefined first referenced symbol in file getspnam auth.o UX:ld: ERROR: sshd: fatal error: Symbol referencing errors. No output written to sshd make: *** [sshd] Error 1 Basically some problems with getspnam. I checked on internet and some solutions are to look in LIBS to -lgen, but from output it looks like it is lookin...

...for putprpwnam in -lsec... no > checking for putprpwnam... (cached) no > checking for set_auth_parameters in -lsecurity... no > checking for set_auth_parameters... no > checking for set_auth_parameters in -lsec... no > checking for set_auth_parameters... (cached) no > checking for getspnam in -lgen... no > checking for getspnam... no > checking for getspnam in -lsecurity... no > checking for getspnam... (cached) no > checking for getspnam in -lsec... no > checking for getspnam... (cached) no > checking for bigcrypt in -lsecurity... no > checking for bigcrypt... n...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, I built Dovecot (0.99.5) from Ports on FreeBSD 5.0. The mail client (Kmail) cannot login and it complains that authentication process died. The only thing in the logs is: Feb 2 18:13:01 karo imap-login: Disconnected [client-ip] I tried also passwd authentication method, but its symptoms are the very same. My configure can be found at

...for putprpwnam... no checking for putprpwnam in -lsec... no checking for putprpwnam... (cached) no checking for set_auth_parameters in -lsecurity... no checking for set_auth_parameters... no checking for set_auth_parameters in -lsec... no checking for set_auth_parameters... (cached) no checking for getspnam in -lgen... no checking for getspnam... no checking for getspnam in -lsecurity... no checking for getspnam... (cached) no checking for getspnam in -lsec... no checking for getspnam... (cached) no checking for bigcrypt in -lsecurity... no checking for bigcrypt... no checking for bigcrypt in -lsec......

Greetings, I have compiled OpenSSH-3.6.1p2 on SCO 3.2v4.2 and the following problem occurs: I am unable to login as root using when strictmode is set to yes. output of debug: Failed none for root from 192.168.1.1 port 1199 ssh2 debug1: userauth-request for user root service ssh-connection method publickey debug1: attempt 1 failures 1 debug2: input_userauth_request: try method publickey debug1:

...for putprpwnam... no checking for putprpwnam in -lsec... no checking for putprpwnam... (cached) no checking for set_auth_parameters in -lsecurity... no checking for set_auth_parameters... no checking for set_auth_parameters in -lsec... no checking for set_auth_parameters... (cached) no checking for getspnam in -lgen... no checking for getspnam... no checking for getspnam in -lsecurity... no checking for getspnam... (cached) no checking for getspnam in -lsec... no checking for getspnam... (cached) no checking for bigcrypt in -lsecurity... no checking for bigcrypt... no checking for bigcrypt in -lsec......

....19, glibc-2.1.3, egcs-1.1.2, autoconf-2.52): $ CFLAGS='-O2 -mpentium -Wall'; export CFLAGS $ ./configure --prefix=/usr/local/encap/openssh_cvs-2001.10.30.2345UTC ... checking for yp_match... no checking for yp_match in -lnsl... yes checking for setsockopt... yes checking for getspnam... yes checking for login... no checking for login in -lutil... yes <--- #define HAVE_LIBUTIL_LOGIN ^^^^^^^^^^^^^^^^^^^^^^^^ checking for deflate in -lz... yes ... checking for libutil.h... no checking for login... (cached) no ^^^^^^^^^^^^^^^^^^^^^^ ch...

...noticed you merged a couple of ifdefs in the fix for bug #442. The cvs comment says "Fix Bug #442 for PAM case". The code is now roughly: #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) spw = getspnam(pw->pw_name); passwd = spw->sp_pwdp; #else passwd = pw->pw_passwd; #endif [test for locked passwd entry] If the platform is using PAM, /etc/passwd is checked regardless of whether or not it actually has /etc/shadow. If the platform has /etc/shadow but doesn't have...

...am in -lsec configure:7174: checking for putprpwnam configure:7287: checking for set_auth_parameters in -lsecurity configure:7336: checking for set_auth_parameters configure:7448: checking for set_auth_parameters in -lsec configure:7497: checking for set_auth_parameters configure:7611: checking for getspnam in -lgen configure:7660: checking for getspnam configure:7773: checking for getspnam in -lsecurity configure:7822: checking for getspnam configure:7934: checking for getspnam in -lsec configure:7983: checking for getspnam configure:8096: checking for bigcrypt in -lsecurity configure:8145: checking...

...hostname = NULL, *ipaddr = NULL, *passwd = NULL; char *shell; int i; #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) @@ -85,8 +85,7 @@ allowed_user(struct passwd * pw) return 0; #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) - if (!options.use_pam) - spw = getspnam(pw->pw_name); + spw = getspnam(pw->pw_name); #ifdef HAS_SHADOW_EXPIRE #define DAY (24L * 60 * 60) /* 1 day in seconds */ if (!options.use_pam && spw != NULL) {

...ght at http://www.faqs.org/faqs/hp/hpux-faq/ is decidedly not free, but I'm hoping the copyright holder will permit the code to be used freely. I've CC'ed him on this mail. --- includes.h.orig Fri Sep 17 10:03:08 2004 +++ includes.h Fri Sep 17 09:52:03 2004 @@ -186,8 +186,20 @@ * of getspnam when _INCLUDE__STDC__ is defined, so we unset it here. */ #ifdef __hpux -# ifdef _INCLUDE__STDC__ -# undef _INCLUDE__STDC__ +# include <sys/privgrp.h> +# if defined(PRIV_PSET) +# define _hpux_11i +# elif defined(PRIV_SPUCTL) +# define __hpux_11x +# elif defined(PRIV_SERIALIZE) +# defin...

...nt University of California at Davis tcleamy at ucdavis.edu http://clm.ucdavis.edu/ *** includes.h.orig Mon Oct 25 15:27:12 2004 --- includes.h Mon Oct 25 15:44:53 2004 *************** *** 184,191 **** /* * On HP-UX 11.11, shadow.h and prot.h provide conflicting declarations * of getspnam when _INCLUDE__STDC__ is defined, so we unset it here. ! */ ! #ifdef __hpux # ifdef _INCLUDE__STDC__ # undef _INCLUDE__STDC__ # endif --- 184,190 ---- /* * On HP-UX 11.11, shadow.h and prot.h provide conflicting declarations * of getspnam when _INCLUDE__STDC__ is defined, so we unse...

QNX Neutrino does not support the shadow password database properly. Apart from misdocumenting /etc/shadow as having 4 fields when in fact it has 5 (including the "last changed" field), its getspnam() fills in the sp_expire field of the spwd structure with 0. And since by default, shadow support is enabled and the configure script turns on HAS_SHADOW_EXPIRE when it finds that field, the built sshd ends up refusing all connections on the grounds of an expired account. I have dealt with this t...

...ase "$host" in +*-*-cygwin*) + # Check if linking agains pcre is requested, otherwise use + # regex lib on Cygwin + echo "$LIBS" | grep "pcreposix" > /dev/null 2>&1 + if test $? -ne 0 ; then + LIBS="$LIBS -lregex " + fi + ;; +esac AC_CHECK_FUNC(getspnam, , AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen")) -- Corinna Vinschen Cygwin Developer Red Hat, Inc. mailto:vinschen at redhat.com