Displaying 20 results from an estimated 78 matches for "kbdint".
2003 May 30
4
[Bug 580] disable kbdint if host key mismatch
http://bugzilla.mindrot.org/show_bug.cgi?id=580
Summary: disable kbdint if host key mismatch
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: openssh-bugs at mindrot.org
ReportedBy...
2008 Feb 06
2
[Bug 1438] New: Adds an out-of-band challenge (OBC) authentication method ( via kbdint)
https://bugzilla.mindrot.org/show_bug.cgi?id=1438
Summary: Adds an out-of-band challenge (OBC) authentication
method (via kbdint)
Classification: Unclassified
Product: Portable OpenSSH
Version: 4.7p1
Platform: All
OS/Version: Linux
Status: NEW
Keywords: patch
Severity: normal
Priority: P2
Component: sshd
AssignedTo: bitbuck...
2003 May 15
2
[Bug 568] Kerberos password auth/expiry kbdint patch
http://bugzilla.mindrot.org/show_bug.cgi?id=568
Summary: Kerberos password auth/expiry kbdint patch
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P4
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: jfh...
2011 Jul 22
0
auth2-kbdint.c: Is it a bug that it mixes references to options.kbd_interactive_authentication and options.challenge_response_authentication ?
Hello,
I was chasing some unexpected behaviour from OpenSSH, and have come
across an oddity in the source code which may or may not be a bug.
In auth2-kbdint.c, the Authmethod struct declares
options.kbd_interactive_authentication as the enabled flag for this
method. However in the implementation function a few lines above, it
checks options.challenge_response_authentication to decide whether to
actually proceed with the authentication.
This results in...
2008 Feb 08
3
[Bug 1439] New: Adds Virtual Token (VToken) authentication method to kbdint
https://bugzilla.mindrot.org/show_bug.cgi?id=1439
Summary: Adds Virtual Token (VToken) authentication method to
kbdint
Classification: Unclassified
Product: Portable OpenSSH
Version: 4.7p1
Platform: All
OS/Version: Linux
Status: NEW
Keywords: patch
Severity: normal
Priority: P2
Component: sshd
AssignedTo: bitbucke...
2008 Feb 08
3
[Bug 1439] New: Adds Virtual Token (VToken) authentication method to kbdint
https://bugzilla.mindrot.org/show_bug.cgi?id=1439
Summary: Adds Virtual Token (VToken) authentication method to
kbdint
Classification: Unclassified
Product: Portable OpenSSH
Version: 4.7p1
Platform: All
OS/Version: Linux
Status: NEW
Keywords: patch
Severity: normal
Priority: P2
Component: sshd
AssignedTo: bitbucke...
2003 May 01
2
Kerberos password auth/expiry kbdint patch
I took Markus Friedl's advice and set up a KbdintDevice for Kerberos
password authentication/expiry. It took me a bit to wrap my head
around privsep, but I think it's working properly (code stolen
shamelessly from FBSD's PAM implementation :->).
The hardest part was working out how to get the interaction
between krb5_get_init_cred...
2004 Apr 05
5
[Bug 568] Kerberos password auth/expiry kbdint patch
http://bugzilla.mindrot.org/show_bug.cgi?id=568
------- Additional Comments From michael.houle at atcoitek.com 2004-04-06 06:04 -------
Can someone please enlighten me on whether this kind of code is going
to be included in the main development ? I thought this would be handled
automatically by the krb5 libraries, so I was suprised to find that password
changing doesn't work in the SSH
2003 Mar 02
0
[RFC][PATCH] Require S/KEY before other authentication methods.
...ResponseAuthenticationFirst' option for sshd,
which makes it do what I require, offering only skey to a client at
first, then offering other auth methods after skey has succeeded.
Is there any point in trying to make it more generic? What other setups
are people likely to want?
Index: auth2-kbdint.c
===================================================================
RCS file: /cvs/openssh/auth2-kbdint.c,v
retrieving revision 1.1
diff -u -p -r1.1 auth2-kbdint.c
--- auth2-kbdint.c 6 Jun 2002 20:27:56 -0000 1.1
+++ auth2-kbdint.c 1 Mar 2003 17:37:41 -0000
@@ -50,7 +50,13 @@ userauth_kbdint(Auth...
2014 Jun 18
15
[Bug 2246] New: PAM enhancements for OpenSSH server
...-----------------------------------------------
| none | sshd-none |
-----------------------------------------------
| password | sshd-password |
-----------------------------------------------
| keyboard-interactive | sshd-kbdint |
-----------------------------------------------
| pubkey | sshd-pubkey |
-----------------------------------------------
| hostbased | sshd-hostbased |
-----------------------------------------------
| gssapi-with-mic...
2004 Dec 21
1
Is there a fix available for CAN-2003-0190
Hi,
Is there a fix available from openssh for the reported vulnerability when
pam is enabled.
http://www.securityfocus.com/bid/11781
thanks
-logu
2004 Jun 01
1
Sending immediate PAM auth failure messages via kbd-int
...platforms implement, eg, /etc/nologin via PAM this way.) Currently, sshd
will just deny the login and the user will not be told why.
Attached it a patch that return a keyboard-interactive packet with the
message in the "instruction" block but with zero prompts (this is
permitted by kbdinteract-06 section 3.4).
The next question is whether or not it's a good idea to send extra info
to a denied login. As a rule, sshd doesn't, but this condition only
occurs if the admin explicitly configures PAM to behave this way. This
won't happen with the recently re-added PAM-via...
2005 Sep 12
3
Problems Compiling OpenSSH 4.2p1 on Tru64 UNIX 5.1b
...igure --with-zlib=/usr/local/include
cc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o
sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o
auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o
auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o
auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o kexdhs.o
kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o
auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o audit-bsm.o -L.
-Lopenbsd-compat/ -L/usr/local/include -lssh -lopenbs...
2007 Mar 23
2
openssh 4.6p1 bug / IRIX
...nssh 4.6p1 on irix using mipspro 7.4.x.
c99 -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o
sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o
auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o
auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o
auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o
kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o
audit-bsm.o platform.o -L. -Lopenbsd-compat/ -L/usr/local/lib
-L/usr/local2...
2004 Sep 28
12
[Bug 936] S/Key authentication fails if UsePAM=no
http://bugzilla.mindrot.org/show_bug.cgi?id=936
Summary: S/Key authentication fails if UsePAM=no
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: ulm at
2006 Jan 10
6
PAM auth with disabled user
Is it intentional that password auth using PAM continues trying to log
on (giving password 3 prompts) in the case that a user is disabled (so
that pam_account returns an error code).
It can be argued both ways (saying 'you are disabled' is giving out too
much information, making it look like you are entering the wrong
password confuses and frustrates the user)
2003 May 02
6
openssh 3.6.1_p2 problem with pam (fwd)
----- Forwarded message from Andrea Barisani <lcars at infis.univ.trieste.it> -----
Date: Fri, 2 May 2003 14:01:33 +0200
From: Andrea Barisani <lcars at infis.univ.trieste.it>
To: openssh at openssh.com
Subject: openssh 3.6.1_p2 problem with pam
Hi, I've just updated to openssh 3.6.1_p2 and I notice this behaviour:
# ssh -l lcars mybox
[2 seconds delay]
lcars at mybox's
2005 Nov 05
3
[Bug 582] Add 'KbdintXORPasswordAuthentication' option.
...--------------------------------------------
Status|NEW |RESOLVED
Resolution| |WONTFIX
------- Comment #2 from djm at mindrot.org 2005-11-06 03:46 -------
WONTFIX - admins can just disable either PasswordAuthentication or
KbdInteractiveAuthentication if they are functionally equivalent. Our default
config, and most distributor configs do this already.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2003 Feb 24
0
Compile errors on Solaris, early AIX and PAM platforms
...is, early AIX:
../crc32.c:100: `u_int32_t? undeclared (first use in this function)
On these platforms u_int32_t is defined in defines.h which is not
included by crc32.c. Fixed by attached patch.
b) PAM platforms (Redhat, Solaris once a) is fixed, probably others)
gcc -o sshd sshd.o [snip]
auth2-kbdint.o: In function `userauth_kbdint?:
/home/dtucker/openssh/openssh-tinderbox/Linux-2.4.18-24.8.0/../auth2-kbdint.c:54:
undefined reference to `auth2_pam?
collect2: ld returned 1 exit status
Not sure about this one...
-Daz.
[0] http://dodgynet.dyndns.org/tinderbox/OpenSSH_Portable/status.html
--...
2003 Mar 31
1
resource leak in ssh1 challenge-response authentication
If an ssh1 client initiates challenge-response authentication but does
not submit a response to the challenge, and instead switches to some
other authentication method, verify_response() will never run, and the
kbdint device context will never be freed. In some cases (such as
when the FreeBSD PAM authentication code is being used) this may cause
a resource leak leading to a denial of service.
The attached patch adds abandon_challenge_response() to auth-chall.c,
and code to auth1.c to call it if challenge-respo...