search for: keylogin

...oot password is known. For OpenSSH PermitRootLogin is set to without-password and a key is added to the authorized_keys file for each sysadmin. BUT if in sshd_config UseLogin is set to yes then RSA keys cannot be used to get in as root. If UseLogin is set to no then sshd doesn't do the keylogin, therefore, no home directory (dh Secured NFS). and resticted access to the NIS+ maps. Should sshd be fixed to handle the keylogin. (Obviously this could only work with password auth) Tim McGarry

Hi, I'm trying to make sshd perform a keylogin on a Solaris 7 NIS+ client with PAM. ssh connects and works fine but keyserv reports that it `can't encrypt the session key'. So I think the keylogin failed or did not happen when the user started an ssh session. The following message is logged in syslog. >sshd[489]: pam_setcred: erro...

Hi all, I'm a little confused over what exactly the NISPLUS and NISPLUS_HOME support options actually mean. I'm hoping somebody can shed a little light on this. Our main samba server is a Solaris 2.7 machine (using NIS+ for passwords, etc, etc.) running samba 2.0.5a. I have recently been investigating a problem where, after a reboot of the server, various 3rd party products (POP, IMAP,

...ority: P2 Component: PAM support AssignedTo: bitbucket at mindrot.org ReportedBy: David.Leonard at quest.com This bug is a consequence of the fix applied in bug 789. When using keyboard-interactive to login through OpenSSH to a Solaris 8 NIS+/PAM host, the automatic 'keylogin' feature of the pam_dhkeys PAM module disappears. It's not so bad; the workaround is to run keylogin manually once at a shell. debug3: PAM: opening session debug1: PAM: reinitializing credentials The cause seems to be that the pam_dhkeys.so module ignores the PAM_REINITIALIZE_CRED...

...- Your Windows clients are using password authentication. That doesn't work with ssh 3.7.1p2 on Solaris because the sshd has to be able to read the encrypted password out of NIS+. But if you run NIS+ at security level 2 the user needs to authenticate to NIS+ first via an explicit or implicit keylogin in order to be able to read his/her own encrypted password. Other users are not able to read it and that includes the root user on NIS+ clients. One exception is the root user (or machine principal) of the NIS+ master, that's why it works there. If you succeed to login via telnet then the t...

Author: peteh Repository: /hg/zfs-crypto/gate Revision: fb481a997c81efc700a4bba9952c6799f95191d9 Log message: 6342022 keyserv does not use /etc/.rootkey on x86 Files: update: usr/src/cmd/keyserv/chkey.c update: usr/src/cmd/keyserv/keylogin.c update: usr/src/cmd/keyserv/keyserv.c

...ollowing message would appear in the syslog.log: Oct 8 19:20:38 myhost sshd[22179]: User root not allowed because account is locked We use NIS+ under HP-UX 11.00. We have very recently changed the root password. To change the root password under NIS+ we do the following: # passed # chkey -p # keylogin -r The last command generates a /etc/.rootkey file. Doing the command '/usr/lbin/getprpw root' says the account is *not* locked. We did not have any problems using ssh to login as root with OpenSSH 3.7.1p1. Is this a bug or am I missing something? Any info will be appreciated. Thanks,...

...at |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |822 nThis| | Status|NEW |ASSIGNED Summary|keylogin not successful |PAM modules relying on | |module-private data | |(pam_dhkeys, pam_krb5, AFS) | |fail Version|3.7.1p1 |-curren...

...1225 gcc and cmd/keyserv don''t get along 6273831 gcc and cmd/rpcsvc don''t get along Files: update: usr/src/cmd/keyserv/chkey.c update: usr/src/cmd/keyserv/chkey_common.c update: usr/src/cmd/keyserv/detach.c update: usr/src/cmd/keyserv/domainname.c update: usr/src/cmd/keyserv/keylogin.c update: usr/src/cmd/keyserv/keylogout.c update: usr/src/cmd/keyserv/keyserv.c update: usr/src/cmd/keyserv/newkey.c update: usr/src/cmd/keyserv/setkey.c update: usr/src/cmd/rpcsvc/nis/bin/nisadm.c update: usr/src/cmd/rpcsvc/nis/bin/nisctl.c update: usr/src/cmd/rpcsvc/nis/bin/nisping.c upda...

Hello, I am having a very aggrivating problem, and I will try and provide all of the necessary information. I have openssh-3.7.1p2 with openssl-0.9.6k installed on Solaris 8. Here is what I've been able to determine so far: 1. Local account authentication works fine (non-NIS+). 1a. NIS+ is running at security level 2 2. Telnet authentication works fine. 2a. When I use the SSH client,

maybe this is a silly question ;-) But why is it possible to login on a machine with a locked account (passwd -l ) via pubkey-authentication (authorized_keys) ? I use OpenSSH3.01p1on Solaris8 with PAM support so I thought this should not happen. If this is the normal behaviour and built in intentionally what would be the easiest way to lock an account without deleting the users authorized_keys ?