search for: hranicki

Attached is a patch that allows for an interactive Kerberos password change via keyboard-interactive, and also reports any banners received from krb5_g_i_c_p() (e.g., password expiration notification if you have krb5-1.2.x patched appropriately). This could probably be refactored a bit and probably done better, but I'm sending this in in case anyone finds it useful. The major drawback is

I have everything in place to move to a Samba/Heimdal/OpenLDAP auth database and have just discovered that some of the Windows products we use are required to run on a domain controller. Since domain sync doesn't work between Samba and NT4 it looks like I'm stuck: either ditch all the software we run on domain controllers, stay with our current 2-auth-db system, or move at least our

I took Markus Friedl's advice and set up a KbdintDevice for Kerberos password authentication/expiry. It took me a bit to wrap my head around privsep, but I think it's working properly (code stolen shamelessly from FBSD's PAM implementation :->). The hardest part was working out how to get the interaction between krb5_get_init_creds_password() (along with the prompter) to work

The attached patch restricts any keyboard-int method from allowing root password authentication. Other methods (bsdauth? I don't even really know what that is) could be added as well. FWIW, it appears that when using the "password" method the code in auth.c is never reached due to the following code in auth-passwd.c: #ifndef HAVE_CYGWIN if (pw &&

of the remotely connected socket is in in monitor_read(). The easiest way to pass them in would be to add fields to the Authctxt structure, which gets passed down into auth_krb5_password(), although possibly not the best. Perhaps using a prompter isn't the best way to go, either, I'm not sure. Ultimately, I'm simply looking for any pointers as to the best way to proceed, even if

Ok, so I''m planning on wiping my test pool that seems to have problems with non-spare disks being marked as spares, but I can''t destroy it: # zpool destroy -f zmir cannot iterate filesystems: I/O error Anyone know how I can nuke this for good? Jim This message posted from opensolaris.org

This bug causes a segfault when compiled against heimdal, but not MIT krb5. Either way, I think this code is correct. HTH. ---------------------------------------------------------------------- | Jim Hranicky, Senior SysAdmin UF/CISE Department | | E314D CSE Building Phone (352) 392-1499 | | jfh at cise.ufl.edu

We are looking for a replacement enterprise file system to handle storage needs for our campus. For the past 10 years, we have been happily using DFS (the distributed file system component of DCE), but unfortunately IBM killed off that product and we have been running without support for over a year now. We have looked at a variety of possible options, none of which have proven fruitful. We are

I have tried this patch (against 3.5p1) and would very much like it to be in the OpenSSH 3.6p1 release, if possible: http://bugzilla.mindrot.org/show_bug.cgi?id=14 On that note, I'd like the Sun BSM patch to be included also, if possible. I have it working applied to 3.5p1: http://bugzilla.mindrot.org/show_bug.cgi?id=125 In fact, both patches work together, apparently. If I have any

Due to difficulties in getting PAM (with krb5) password expiry working consistently on multiple platforms, I'd like to see if I could hack something into auth-krb5.c to do so. Here's a backtrace when stopped in auth_krb5_password: #0 auth_krb5_password (authctxt=0x8e148, password=0x90250 "XXXXXXXX") at auth-krb5.c:270 #1 0x274d8 in auth_password (authctxt=0x8e148,