search for: kbdintdevice

...============================================================= RCS file: /var/cvs/openssh/auth2-chall.c,v retrieving revision 1.17 diff -u -r1.17 auth2-chall.c --- auth2-chall.c 22 Mar 2002 02:30:43 -0000 1.17 +++ auth2-chall.c 24 Apr 2002 01:03:14 -0000 @@ -40,11 +40,17 @@ #ifdef BSD_AUTH extern KbdintDevice bsdauth_device; +extern KbdintDevice mm_bsdauth_device; #else #ifdef SKEY extern KbdintDevice skey_device; +extern KbdintDevice mm_skey_device; #endif #endif +#ifdef USE_PAM +extern KbdintDevice pam_device; +extern KbdintDevice mm_pam_device; +#endif KbdintDevice *devices[] = { #ifdef BSD_A...

...============================================================= RCS file: /var/cvs/openssh/auth2-chall.c,v retrieving revision 1.19 diff -u -r1.19 auth2-chall.c --- auth2-chall.c 26 Jun 2002 13:58:40 -0000 1.19 +++ auth2-chall.c 2 Jul 2002 02:19:35 -0000 @@ -40,11 +40,17 @@ #ifdef BSD_AUTH extern KbdintDevice bsdauth_device; +extern KbdintDevice mm_bsdauth_device; #else #ifdef SKEY extern KbdintDevice skey_device; +extern KbdintDevice mm_skey_device; #endif #endif +#ifdef USE_PAM +extern KbdintDevice sshpam_device; +extern KbdintDevice mm_sshpam_device; +#endif KbdintDevice *devices[] = { #ifde...

...============================================================ RCS file: /var/cvs/openssh/auth2-chall.c,v retrieving revision 1.18 diff -u -r1.18 auth2-chall.c --- auth2-chall.c 21 Jun 2002 00:41:52 -0000 1.18 +++ auth2-chall.c 25 Jun 2002 01:42:11 -0000 @@ -40,11 +40,17 @@ #ifdef BSD_AUTH extern KbdintDevice bsdauth_device; +extern KbdintDevice mm_bsdauth_device; #else #ifdef SKEY extern KbdintDevice skey_device; +extern KbdintDevice mm_skey_device; #endif #endif +#ifdef USE_PAM +extern KbdintDevice sshpam_device; +extern KbdintDevice mm_sshpam_device; +#endif KbdintDevice *devices[] = { #ifde...

...1 && + opieverify(&opie, responses[0]) == 0) + return 0; + else + opieverify(&opie, ""); /* Always need to verify to keep locks + in sync */ + return -1; +} + +static void +opie_free_ctx(void *ctx) +{ + /* we don't have a special context */ +} + +KbdintDevice opie_device = { + "opie", + opie_init_ctx, + opie_query, + opie_respond, + opie_free_ctx +}; +#endif /* OPIE */ diff -x CVS -wNur ../cvs/other/openssh_cvs/auth2-chall.c openssh_cvs/auth2-chall.c --- ../cvs/other/openssh_cvs/auth2-chall.c Wed Oct 3 19:12:44 2001 +++ openssh_cvs/auth2-chal...

nuqneH, I've tried using TIS authsrv authentication via bsd auth and found it quite limited. The most important restriction it does not log ip and fqdn of the remote peer, nor the application name, to the authentication server. It does not matter much for TIS authsrv, but since other applications do provide such information, our authsrv version uses it for extra authentication restrictions.

I took Markus Friedl's advice and set up a KbdintDevice for Kerberos password authentication/expiry. It took me a bit to wrap my head around privsep, but I think it's working properly (code stolen shamelessly from FBSD's PAM implementation :->). The hardest part was working out how to get the interaction between krb5_get_init_creds_pass...

...OGIN_NEEDS_UTMPX diff -adurN openssh-3.7.1p2.privsep/auth-bsdauth.c openssh-3.7.1p2/auth-bsdauth.c --- openssh-3.7.1p2.privsep/auth-bsdauth.c Thu Jul 4 04:14:18 2002 +++ openssh-3.7.1p2/auth-bsdauth.c Sat Oct 4 23:52:37 2003 @@ -115,6 +115,7 @@ bsdauth_free_ctx }; +#ifndef DISABLE_PRIVSEP KbdintDevice mm_bsdauth_device = { "bsdauth", bsdauth_init_ctx, @@ -122,4 +123,5 @@ mm_bsdauth_respond, bsdauth_free_ctx }; +#endif /* DISABLE_PRIVSEP */ #endif diff -adurN openssh-3.7.1p2.privsep/auth-options.c openssh-3.7.1p2/auth-options.c --- openssh-3.7.1p2.privsep/auth-options.c Tue Ju...

Hello, I hope this is the right place to post this. I added readline support to the sftp client. It adds optional --with-readline parameter for configure to enable this feature. You'll of course need to re-run autoheader and autoconf after applying this patch. It's patched against 3.4p1 but should work with any recent openssh. It works fine for me (GNU/Linux) - feel free to test it and

...====================== RCS file: /cvs/openssh/auth.h,v retrieving revision 1.30 diff -u -r1.30 auth.h --- auth.h 5 Mar 2002 01:53:04 -0000 1.30 +++ auth.h 28 Mar 2002 16:44:29 -0000 @@ -43,6 +43,7 @@ #endif typedef struct Authctxt Authctxt; +typedef struct Authaccess Authaccess; typedef struct KbdintDevice KbdintDevice; struct Authctxt { @@ -71,6 +72,19 @@ #endif }; +/* holds the access lists for a given auth method */ +struct Authaccess { + int num_allow_users; + char **allow_users; + int num_deny_users; + char **deny_users; + int num_allow_...

...0; } *** auth.h.O Tue Jun 5 15:25:06 2001 --- auth.h Mon Jun 18 14:28:04 2001 *************** *** 35,40 **** --- 35,43 ---- #include <bsd_auth.h> #endif + /* set when password has expired */ + extern int forced_passwd_change; + typedef struct Authctxt Authctxt; typedef struct KbdintDevice KbdintDevice; *** session.c.O2 Mon Jun 18 14:21:15 2001 --- session.c Mon Jun 18 14:39:36 2001 *************** *** 603,608 **** --- 603,636 ---- debug("Forced command '%.900s'", command); } + if (forced_passwd_change) { + char *user = s->pw->pw_name; + char...

Attached is a patch that allows for an interactive Kerberos password change via keyboard-interactive, and also reports any banners received from krb5_g_i_c_p() (e.g., password expiration notification if you have krb5-1.2.x patched appropriately). This could probably be refactored a bit and probably done better, but I'm sending this in in case anyone finds it useful. The major drawback is

A non-text attachment was scrubbed... Name: openssh.diff Type: text/x-patch Size: 49208 bytes Desc: not available Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020626/8f94fb5b/attachment.bin

http://bugzilla.mindrot.org/show_bug.cgi?id=936 Summary: S/Key authentication fails if UsePAM=no Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: ulm at

Could everyone please test the latest snapshots as we will be making a new release soon. If you have any patches you would like us to consider, please resend them to the list ASAP. -d -- | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's | http://www.mindrot.org / distributed filesystem'' - Dan Geer

https://bugzilla.mindrot.org/show_bug.cgi?id=983 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1930 --- Comment #34 from Damien Miller <djm at mindrot.org> 2011-09-06 10:34:24 EST --- Retarget unresolved

Hi, It's that time again... OpenSSH 6.2 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: