search for: openpam

Hi, I want to integrate openpam with openssh in our server (which uses QNX632 operating system). I am facing some problems in the "make install" part of openssh. Following are the steps I followed to build zlib, openssl, openpam and openssh. *NOTE*: Since I want the sshd and ssh binaries in my server(using QNX), I had...

Hello, I found that in the new FreeBSD 9.2 (probably in 10 also) updated OpenPAM sources. The big embarrassment was in pam_get_authtok.c. The problem is that even without a valid SSH login it's possible to know the server's hostname. az at az:/home/az % ssh 1.2.3.4 Password for az at real.hostname.com: Changes made by "des": http://www.openpam.org/changeset/...

...ariants on the "password required" line. All of them exhibit the same behavior. I have been unable to find any debug or log information that sheds much light on this behavior. When the user attempts to change their password, this is what is shown in /var/log/secure.log: passwd[229]: in _openpam_check_error_code(): pam_sm_chauthtok(): unexpected return value 12 And this is what the user sees: $ passwd Changing password for <user>. passwd: authentication information is unavailable smbd.log shows nothing at all. If the user's password is changed using the root account, no error...

Hi Apple changed from Linux PAM to OpenPAM and the dovecot pam file (dovecot installed from macports) doesn't work anymore. Installed pam modules are: -r--r--r-- 1 root wheel 76640 31 Jul 09:15 pam_env.so.2 -r--r--r-- 1 root wheel 51024 31 Jul 09:15 pam_group.so.2 -r--r--r-- 1 root wheel 99776 31 Jul 09:15 pam_krb5...

...is self-evident that PAM adds complexity to login-like program's implementation. This is before one has to take into account its horribly broken, non-interruptible conversation function. 2. Inconsistencies in the specification - these have been documented by a PAM implementor at http://www.openpam.org/errata.html If you like reading vague specs, try reading the original PAM DCE RFC. This vagueness contributed to one of the vulnerabilities mentioned. 3. Differences between vendors' implementations. Solaris PAM passes message arguments differently to LinuxPAM and OpenPAM. Some PAM im...

Hello Brent, I'm writing in regards to the thread you opened @ samba.org concerning authenticating users against AD using winbind. Did you need to manipulate the PAM modules? Currently when I run wbinfo -t I get secret is good, and when I run wbinfo -u I get a list of all users but I can't get SAMBA to accept my domain users. Regards, Jesse

...ss drops its privileges and carries on the conversation with the client, while the parent retains its privileges, monitors the child, and performs privileged operations on behalf of the child when it is satisified that everything is in order. Privilege separation is enabled by default in FreeBSD. OpenPAM is an implementation of the PAM framework, which allows the use of loadable modules to implement user authentication and session management in a manner defined by the administrator. It is used by OpenSSH and numerous other applications in FreeBSD to provide a consistent and configurable authentica...

...ss drops its privileges and carries on the conversation with the client, while the parent retains its privileges, monitors the child, and performs privileged operations on behalf of the child when it is satisified that everything is in order. Privilege separation is enabled by default in FreeBSD. OpenPAM is an implementation of the PAM framework, which allows the use of loadable modules to implement user authentication and session management in a manner defined by the administrator. It is used by OpenSSH and numerous other applications in FreeBSD to provide a consistent and configurable authentica...

...ss drops its privileges and carries on the conversation with the client, while the parent retains its privileges, monitors the child, and performs privileged operations on behalf of the child when it is satisified that everything is in order. Privilege separation is enabled by default in FreeBSD. OpenPAM is an implementation of the PAM framework, which allows the use of loadable modules to implement user authentication and session management in a manner defined by the administrator. It is used by OpenSSH and numerous other applications in FreeBSD to provide a consistent and configurable authentica...

...ss drops its privileges and carries on the conversation with the client, while the parent retains its privileges, monitors the child, and performs privileged operations on behalf of the child when it is satisified that everything is in order. Privilege separation is enabled by default in FreeBSD. OpenPAM is an implementation of the PAM framework, which allows the use of loadable modules to implement user authentication and session management in a manner defined by the administrator. It is used by OpenSSH and numerous other applications in FreeBSD to provide a consistent and configurable authentica...

...nitgroups(3C) wiping out supplementary groups which only applies in the Linux world if the LinuxPAM pam_group(8) module has been installed and configured which allows one to assign additional secondary groups to a user using /etc/security/group.conf in addition to /etc/group. Note that there is an OpenPAM PAM module of the same name, pam_group(8), which has different functionality, it performs access control based on group membership. There is an earlier call to do_pam_setcred() in main() so this additional call to do_pam_setcred() doesn't need to be called on non-Linux platforms. I don't...

...le-time check whethere there exists such a preprocessor symbol as the PAM item PAM_RHOST (why check that? IIRC PAM_RHOST is standard and in all PAM implementations). However, PAM_RHOST (or other PAM items, for that matter), are not preprocessor symbols in all PAM implementations. For example, in OpenPAM (the PAM implementation used on FreeBSD >= 5.0, among others; FreeBSD 4 used Linux-PAM), PAM items are elements of an enum, and thus this check fails, and the client host is not passed to PAM. Since it can be defined in several ways, I do not see how to check for it other than using a compilati...

I am out of the office until 10/10/2012. I am out of the office and will not have access to e-mail or voice mail. I will respond to your e-mail after I return. Thanks, Chris Meyer Note: This is an automated response to your message "Re: make install errors in openssh(when openpam is to be integrated with openssh)" sent on 10/09/2012 9:40:10. This is the only notification you will receive while this person is away.

http://bugzilla.mindrot.org/show_bug.cgi?id=632 Summary: PAM conversation function does not return when connection is aborted Product: Portable OpenSSH Version: 3.6.1p2 Platform: All URL: http://www.cl.cam.ac.uk/~mgk25/otpw.html#opensshbug OS/Version: Linux Status: NEW Severity: major

Hello, We use USE_POSIX_THREADS in our HP-UX build of OpenSSH. When we connect a non-root user with PAM [pam-kerberos] then I get the following error. debug3: PAM: opening session debug1: PAM: reinitializing credentials PAM: pam_setcred(): Failure setting user credentials This is particularly for non-root users with PrivSep YES. When I connect to a root user with PrivSep YES or to a non-root

http://bugzilla.mindrot.org/show_bug.cgi?id=926 carsten.benecke at rrz.uni-hamburg.de changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |carsten.benecke at rrz.uni- | |hamburg.de ------- Comment #16 from

Okay, I guess I?ll be the first to take Colin Percival up in that the following statement applies to me: ?If you find a security problem -- or even if you find something which might possibly be a security problem but you're not certain if it is or not -- then please let us know.? I recently installed pam_radius according to the instructions located at the following address: