search for: pam_authentication_via_kbd_int

...ing diff -ru openssh-2.9p2.orig/servconf.c openssh-2.9p2/servconf.c --- openssh-2.9p2.orig/servconf.c Wed Apr 25 15:44:15 2001 +++ openssh-2.9p2/servconf.c Wed Aug 15 22:10:23 2001 @@ -102,6 +102,7 @@ options->client_alive_interval = -1; options->client_alive_count_max = -1; options->pam_authentication_via_kbd_int = -1; + options->idletimeout = -1; } void @@ -210,6 +211,8 @@ options->client_alive_count_max = 3; if (options->pam_authentication_via_kbd_int == -1) options->pam_authentication_via_kbd_int = 0; + if (options->idletimeout == -1) + options->idletimeout=0; } /* Keyw...

...RCS file: /cvs/openssh/servconf.c,v retrieving revision 1.97 diff -u -w -u -w -b -p -r1.97 servconf.c --- servconf.c 5 Sep 2002 04:35:15 -0000 1.97 +++ servconf.c 24 Nov 2002 18:43:41 -0000 @@ -57,6 +57,9 @@ initialize_server_options(ServerOptions /* Portable-specific options */ options->pam_authentication_via_kbd_int = -1; +#ifdef USE_PAM + options->pam_service_name_append = NULL; +#endif /* Standard Options */ options->num_ports = 0; @@ -134,6 +137,10 @@ fill_default_server_options(ServerOption /* Portable-specific options */ if (options->pam_authentication_via_kbd_int == -1) options->...

...ssh-3.5p1/servconf.c Tue Dec 3 14:22:00 2002 @@ -48,6 +48,8 @@ /* Use of privilege separation or not */ extern int use_privsep; +extern char *__progname; + /* Initializes the server options to their default values. */ void @@ -57,6 +59,7 @@ /* Portable-specific options */ options->pam_authentication_via_kbd_int = -1; + options->pam_service_name = NULL; /* Standard Options */ options->num_ports = 0; @@ -134,6 +137,8 @@ /* Portable-specific options */ if (options->pam_authentication_via_kbd_int == -1) options->pam_authentication_via_kbd_int = 0; + if (options->pam_service_name ==...

...*/ diff -ru openssh-2.9p2.orig/servconf.c openssh-2.9p2/servconf.c --- openssh-2.9p2.orig/servconf.c Wed Apr 25 15:44:15 2001 +++ openssh-2.9p2/servconf.c Wed Aug 15 22:10:23 2001 @@ -102,6 +102,7 @@ options->client_alive_interval = -1; options->client_alive_count_max = -1; options->pam_authentication_via_kbd_int = -1; + options->idletimeout = -1; } void @@ -210,6 +211,8 @@ options->client_alive_count_max = 3; if (options->pam_authentication_via_kbd_int == -1) options->pam_authentication_via_kbd_int = 0; + if (options->idletimeout == -1) + options->idletimeout=0; } /* Keyw...

...1.1 diff -u -p -r1.1 auth2-kbdint.c --- auth2-kbdint.c 6 Jun 2002 20:27:56 -0000 1.1 +++ auth2-kbdint.c 1 Mar 2003 17:37:41 -0000 @@ -50,7 +50,13 @@ userauth_kbdint(Authctxt *authctxt) authenticated = auth2_challenge(authctxt, devs); #ifdef USE_PAM - if (authenticated == 0 && options.pam_authentication_via_kbd_int) + /* In the normal case, try PAM if challenge-response failed. + However, if this was a prerequisite challenge-response + authentication attempt, and PAM auth is permitted as a + secondary method, then force the client to come back + with a second attempt instead. */ + if (!options.cha...

...-u -r1.100 auth2.c --- auth2.c 23 Apr 2002 10:28:49 -0000 1.100 +++ auth2.c 24 Apr 2002 01:03:17 -0000 @@ -119,8 +119,6 @@ /* challenge-response is implemented via keyboard interactive */ if (options.challenge_response_authentication) options.kbd_interactive_authentication = 1; - if (options.pam_authentication_via_kbd_int) - options.kbd_interactive_authentication = 1; dispatch_init(&dispatch_protocol_error); dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request); @@ -370,10 +368,6 @@ if (options.challenge_response_authentication) authenticated = auth2_challenge(authctxt, devs); -#ifdef US...

...-u -r1.1 auth2-kbdint.c --- auth2-kbdint.c 6 Jun 2002 20:27:56 -0000 1.1 +++ auth2-kbdint.c 2 Jul 2002 02:19:35 -0000 @@ -49,10 +49,6 @@ if (options.challenge_response_authentication) authenticated = auth2_challenge(authctxt, devs); -#ifdef USE_PAM - if (authenticated == 0 && options.pam_authentication_via_kbd_int) - authenticated = auth2_pam(authctxt); -#endif xfree(devs); xfree(lang); #ifdef HAVE_CYGWIN Index: auth2-pam.c =================================================================== RCS file: /var/cvs/openssh/auth2-pam.c,v retrieving revision 1.14 diff -u -r1.14 auth2-pam.c --- auth2-pam.c 28 J...

...u -r1.1 auth2-kbdint.c --- auth2-kbdint.c 6 Jun 2002 20:27:56 -0000 1.1 +++ auth2-kbdint.c 25 Jun 2002 01:42:11 -0000 @@ -49,10 +49,6 @@ if (options.challenge_response_authentication) authenticated = auth2_challenge(authctxt, devs); -#ifdef USE_PAM - if (authenticated == 0 && options.pam_authentication_via_kbd_int) - authenticated = auth2_pam(authctxt); -#endif xfree(devs); xfree(lang); #ifdef HAVE_CYGWIN Index: auth2-pam.c =================================================================== RCS file: /var/cvs/openssh/auth2-pam.c,v retrieving revision 1.12 diff -u -r1.12 auth2-pam.c --- auth2-pam.c 22 J...

Can anyone with Heimdal KrbV verify this? -------------- next part -------------- An embedded message was scrubbed... From: Dag-Erling Smorgrav <des at ofug.org> Subject: Kerberos buglet in OpenSSH-3.3p1 Date: 25 Jun 2002 14:52:10 +0200 Size: 1291 Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020626/347e123e/attachment.mht

...ation is enabled. Patch is based on OpenSSH 3.4p1. *** servconf.h@@\main\1 Tue Oct 1 17:25:32 2002 --- servconf.h Wed Oct 2 06:17:48 2002 *************** *** 131,136 **** --- 131,137 ---- char *authorized_keys_file; /* File containing public keys */ char *authorized_keys_file2; int pam_authentication_via_kbd_int; + int chroot_users; } ServerOptions; void initialize_server_options(ServerOptions *); *** servconf.c@@\main\1 Tue Oct 1 17:25:26 2002 --- servconf.c Wed Oct 2 06:09:06 2002 *************** *** 122,127 **** --- 122,128 ---- options->client_alive_count_max = -1; options...

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

...RID_OLD) if (!authenticated && options.securid_authentication_via_kbd_int) authenticated = auth_securid_kbd_int(authctxt, lang); + #ifdef USE_PAM if (!authenticated && options.securid_fallback) + #endif #endif #ifdef USE_PAM if (authenticated == 0 && options.pam_authentication_via_kbd_int) *** openssh-3.1p1/auth2-securid3.c.orig Thu Apr 4 15:21:45 2002 --- openssh-3.1p1/auth2-securid3.c Thu Apr 4 15:38:00 2002 *************** *** 142,148 **** debug("Couldn't read /etc/sdace.txt"); retval = 0; } else { ! fscanf(pfdAcefile, "%s", szVarAce);...

...penssh-3.0.2p1.dist/servconf.h openssh-3.0.2p1/servconf.h --- openssh-3.0.2p1.dist/servconf.h Wed Sep 12 09:40:06 2001 +++ openssh-3.0.2p1/servconf.h Tue Dec 4 12:37:39 2001 @@ -129,6 +129,7 @@ char *authorized_keys_file; /* File containing public keys */ char *authorized_keys_file2; int pam_authentication_via_kbd_int; + int log_fingerprint; } ServerOptions; Thanks, -- Jos Backus _/ _/_/_/ Santa Clara, CA _/ _/ _/ _/ _/_/_/ _/ _/ _/ _/ josb at cncdsl.com _/_/ _/_/_/ u...

The following is a patch I've been working on to support a "ChrootUser" option in the sshd_config file. I was looking for a way to offer sftp access and at the same time restict interactive shell access. This patch is a necessary first step (IMO). It applies clean with 'patch -l'. Also attached is a shell script that helps to build a chrooted home dir on a RedHat 7.2

...t the session */ - char *authorized_keys_file; /* File containing public keys */ - char *authorized_keys_file2; + + char *authorized_keys_files[MAX_AUTHKEYFILES]; /* + * Files containing + * public keys + */ + int num_authorized_keys_files; int pam_authentication_via_kbd_int; } ServerOptions;

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

Here is a patch that does TIS auth via PAM. It's controlled by a switch in the sshd_config. You'd use it by having a PAM module that sets PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs. The patch is against the 2.9.9p2 distribution. I'm not on the list, a reply if this patch is accepted would be great. (But not required, I know some folks have a distaste for

...sh-3.0.2p1.orig/servconf.h openssh-3.0.2p1/servconf.h --- openssh-3.0.2p1.orig/servconf.h Wed Sep 12 18:40:06 2001 +++ openssh-3.0.2p1/servconf.h Tue Jan 29 15:19:29 2002 @@ -128,10 +128,12 @@ char *authorized_keys_file; /* File containing public keys */ char *authorized_keys_file2; int pam_authentication_via_kbd_int; + int log_key_fingerprint; + } ServerOptions; void initialize_server_options(ServerOptions *); void read_server_config(ServerOptions *, const char *); void fill_default_server_options(ServerOptions *); diff -u5 openssh-3.0.2p1.orig/sshd.8 openssh-3.0.2p1/sshd.8 --- openssh-3.0.2p1...

Heya, Most of the windows ssh clients (putty, securecrt) have anti-idle features. They offer either a null packet or protocol no-op or user defined string to be sent over every x seconds. Is this possible or planned with the OpenSSH client? Our draconian firewall admins have started timing out ssh sessions. Yes I'm aware I could hack up a port forwarding dumb traffic process, but was

...t change was committed on 10/3/2001. + *************************************************************************** + * */ #include "includes.h" @@ -105,6 +131,12 @@ options->authorized_keys_file = NULL; options->authorized_keys_file2 = NULL; options->pam_authentication_via_kbd_int = -1; + /* + * SD Mod: Initialize option to use steno timing manipulation. + * By default, timing analysis evasion is used. The -S flag + * must be used to turn off this feature. + */ + options->use_steno_timing_manipulation = 1; } void --- servconf....