search for: kerberos_or_local_passwd

Displaying 14 results from an estimated 14 matches for "kerberos_or_local_passwd".

2001 Mar 01
1
Bug report against openssh-2.3.0p1
...a passwordless login is a bug in OpenSSH. I have applied the following patch to my copy. It seems to fix the problem. *** auth1.c Thu Mar 1 17:33:31 2001 --- auth1.c.patched Thu Mar 1 17:33:18 2001 *************** *** 455,461 **** (!options.kerberos_authentication || options.kerberos_or_local_passwd) && #endif /* KRB4 */ #ifdef USE_PAM ! auth_pam_password(pw, "")) { #elif defined(HAVE_OSF_SIA) (sia_validate_user(NULL, saved_argc, saved_argv, get_canonical_hostname(), pw->pw_name, NULL, 0, --- 455,461 ---- (!options.kerber...
2002 Jun 26
1
[Fwd: Kerberos buglet in OpenSSH-3.3p1]
Can anyone with Heimdal KrbV verify this? -------------- next part -------------- An embedded message was scrubbed... From: Dag-Erling Smorgrav <des at ofug.org> Subject: Kerberos buglet in OpenSSH-3.3p1 Date: 25 Jun 2002 14:52:10 +0200 Size: 1291 Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020626/347e123e/attachment.mht
2005 Feb 24
3
Suggestion: SSHD pseudo/fake mode. Source available.
Hi, SSH brute force attacks seem to enjoy increasing popularity. Call me an optimist or a misrouted kind of contributer to the community, but on our company server I actually go through the logs and report extreme cases to the providers of the originating IP's. With the increasing number of these attacks, however, I have now decided that it's better to move the SSHd to a different
2001 Nov 12
4
Please test -current
Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)
2001 Feb 12
1
pam protocol 1 fix
...auth1.c =================================================================== RCS file: /var/cvs/openssh/auth1.c,v retrieving revision 1.30 diff -u -r1.30 auth1.c --- auth1.c 2001/02/12 07:02:24 1.30 +++ auth1.c 2001/02/12 18:58:22 @@ -97,7 +97,7 @@ (!options.kerberos_authentication || options.kerberos_or_local_passwd) && #endif #ifdef USE_PAM - auth_pam_password(pw, password)) { + auth_pam_password(pw, "")) { #else auth_password(pw, "")) { #endif
2001 Jun 19
0
Empty password patch
...; /* If the user has no password, accept authentication immediately. */ - if (options.password_authentication && + if (options.password_authentication && options.permit_empty_passwd && #ifdef KRB4 (!options.kerberos_authentication || options.kerberos_or_local_passwd) && #endif
2004 Jun 22
2
patch: openssh empty password fail with pam/sshv1
...ssing do_pam_account() call. The patch below to auth1.c fixes the problem. If this is correct, can someone please commit this? Thanks, Dave. --- auth1.c 19 Jun 2004 00:51:06 -0000 1.1 +++ auth1.c 22 Jun 2004 04:07:38 -0000 1.5 @@ -81,8 +81,13 @@ (!options.kerberos_authentication || options.kerberos_or_local_passwd) && #endif PRIVSEP(auth_password(authctxt, ""))) { - auth_log(authctxt, 1, "without authentication", ""); - return; +#ifdef USE_PAM + if (options.use_pam && (PRIVSEP(do_pam_account()))) +#endif + { + auth_log(authctxt, 1, "without auth...
2001 Nov 20
3
problem with AFS token forwarding
Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the
2001 Oct 09
1
TISviaPAM patch
Here is a patch that does TIS auth via PAM. It's controlled by a switch in the sshd_config. You'd use it by having a PAM module that sets PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs. The patch is against the 2.9.9p2 distribution. I'm not on the list, a reply if this patch is accepted would be great. (But not required, I know some folks have a distaste for
2002 Feb 15
0
[Bug 118] New: Implement TIS (protocol 1) via PAM
...int do_pam_account(char *username, char *remote_user); diff -uNr openssh-3.0.2p1.orig/auth1.c openssh-3.0.2p1/auth1.c --- openssh-3.0.2p1.orig/auth1.c Tue Nov 13 04:46:19 2001 +++ openssh-3.0.2p1/auth1.c Fri Feb 15 02:15:02 2002 @@ -85,7 +85,7 @@ (!options.kerberos_authentication || options.kerberos_or_local_passwd) && #endif #ifdef USE_PAM - auth_pam_password(pw, "")) { + auth_pam_password(pw, "", PAM_PROMPT_ECHO_OFF)) { #elif defined(HAVE_OSF_SIA) 0) { #else @@ -252,7 +252,8 @@ #ifdef USE_PAM /* Do PAM auth with password */ - authenticated = auth_pam_pa...
2003 May 02
6
openssh 3.6.1_p2 problem with pam (fwd)
----- Forwarded message from Andrea Barisani <lcars at infis.univ.trieste.it> ----- Date: Fri, 2 May 2003 14:01:33 +0200 From: Andrea Barisani <lcars at infis.univ.trieste.it> To: openssh at openssh.com Subject: openssh 3.6.1_p2 problem with pam Hi, I've just updated to openssh 3.6.1_p2 and I notice this behaviour: # ssh -l lcars mybox [2 seconds delay] lcars at mybox's
2000 Aug 27
0
patch for TIS (skey/opie) *and* passwd auth via PAM
...am_password(pw, response, SSH_CMSG_AUTH_TIS); + xfree(response); + } + break; #else case SSH_CMSG_AUTH_TIS: /* TIS Authentication is unsupported */ @@ -503,7 +532,7 @@ (!options.kerberos_authentication || options.kerberos_or_local_passwd) && #endif /* KRB4 */ #ifdef USE_PAM - auth_pam_password(pw, "")) { + auth_pam_password(pw, "", SSH_CMSG_AUTH_PASSWORD)) { #elif defined(HAVE_OSF_SIA) (sia_validate_user(NULL, saved_argc, saved_argv, get_canonical_hostname(), pw->pw_name, NULL,...
2006 Nov 15
11
OpenSSH Certkey (PKI)
...-77,6 +78,7 @@ options->hostbased_authentication = -1; options->hostbased_uses_name_from_packet_only = -1; options->rsa_authentication = -1; + options->certkey_authentication = -1; options->pubkey_authentication = -1; options->kerberos_authentication = -1; options->kerberos_or_local_passwd = -1; @@ -134,6 +136,8 @@ _PATH_HOST_DSA_KEY_FILE; } } + if (options->ca_key_file == NULL) + options->ca_key_file = _PATH_CA_KEY_FILE; if (options->num_ports == 0) options->ports[options->num_ports++] = SSH_DEFAULT_PORT; if (options->listen_addrs == NULL) @@ -...
2003 Aug 10
9
updated gssapi diff
...========================================== RCS file: /home/hack/jakob/mycvs/sshgss/servconf.c,v retrieving revision 1.1.1.2 retrieving revision 1.5 diff -u -r1.1.1.2 -r1.5 --- servconf.c 10 Aug 2003 14:06:52 -0000 1.1.1.2 +++ servconf.c 10 Aug 2003 14:25:01 -0000 1.5 @@ -69,6 +69,9 @@ options->kerberos_or_local_passwd = -1; options->kerberos_ticket_cleanup = -1; options->kerberos_tgt_passing = -1; + options->afs_token_passing = -1; + options->gss_authentication=-1; + options->gss_cleanup_creds = -1; options->password_authentication = -1; options->kbd_interactive_authentication = -1;...