Displaying 20 results from an estimated 46 matches for "pam_conv".
Did you mean:
am_iconv
2003 Nov 13
0
[PATCH] Make PAM chauthtok_conv function into tty_conv
...+ debug("%s: %s", __func__, **prompts);
+ buffer_append(&loginmsg, **prompts,
+ strlen(**prompts));
xfree(**prompts);
**prompts = NULL;
}
@@ -551,21 +549,6 @@ do_pam_account(void)
}
void
-do_pam_session(void)
-{
- sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
- (const void *)&null_conv);
- if (sshpam_err != PAM_SUCCESS)
- fatal("PAM: failed to set PAM_CONV: %s",
- pam_strerror(sshpam_handle, sshpam_err));
- sshpam_err = pam_open_session(sshpam_handle, 0);
- if (sshpam_err != PAM_SUCCESS)
- fatal("PAM: pam_open_session():...
2003 Sep 23
5
PAM sessions and conversation functions
In OpenSSH 3.6.1p2, pam_open_session() ran with a conversation function,
do_pam_conversation(), that fed text to the client. In OpenSSH 3.7.1p2,
this is no longer the case: session modules run with a conversation
function that just returns PAM_CONV_ERR. This means that simple session
modules whose job involves printing text on the user's terminal no
longer work: pam_lastlog, pa...
2003 Oct 29
4
Fix for USE_POSIX_THREADS in auth-pam.c
...-216,7 +279,7 @@
#ifndef USE_POSIX_THREADS
const char *pam_user;
- pam_get_item(sshpam_handle, PAM_USER, (const void **)&pam_user);
+ pam_get_item(grab_pamh(0, NULL), PAM_USER, (const void **)&pam_user);
setproctitle("%s [pam]", pam_user);
#endif
@@ -224,11 +287,11 @@
sshpam_conv.appdata_ptr = ctxt;
buffer_init(&buffer);
- sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
+ sshpam_err = pam_set_item(grab_pamh(0, NULL), PAM_CONV,
(const void *)&sshpam_conv);
if (sshpam_err != PAM_SUCCESS)
goto auth_fail;
- sshpam_err = pam_authenticate(sshpam_handle, 0...
2004 Sep 14
1
PATCH: Public key authentication defeats passwd age warning.
...sshpam_account_status = 0;
- return (sshpam_account_status);
- }
-
- if (sshpam_err == PAM_NEW_AUTHTOK_REQD)
- sshpam_password_change_required(1);
-
- sshpam_account_status = 1;
- return (sshpam_account_status);
-}
-
void
do_pam_set_tty(const char *tty)
{
@@ -939,6 +918,45 @@
static struct pam_conv store_conv = { sshpam_store_conv, NULL };
+u_int
+do_pam_account(void)
+{
+ struct pam_conv *OldConv;
+ if (sshpam_account_status != -1)
+ return (sshpam_account_status);
+
+ sshpam_err = pam_get_item(sshpam_handle, PAM_CONV, (void *)&OldConv);
+ if (sshpam_err != PAM_SUCCESS)
+ fatal (&quo...
2008 May 23
1
how to debug ssh slow connection issues.
...3 12:01:56 192.168.1.21 pam_stack[23836]: creating child stack
`system-auth'
May 23 12:01:56 192.168.1.21 pam_stack[23836]: creating environment
May 23 12:01:56 192.168.1.21 pam_stack[23836]: NOT passing PAM_AUTHTOK to
child: source is NULL
May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_CONV to child
May 23 12:01:56 192.168.1.21 pam_stack[23836]: NOT passing PAM_FAIL_DELAY to
child: source not set
May 23 12:01:56 192.168.1.21 pam_stack[23836]: NOT passing PAM_OLDAUTHTOK to
child: source is NULL
May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_RHOST to child
May 23 12:01:56 19...
2016 Dec 14
1
cwrap: pam_wrapper: pam_wrapper.c errors
An embedded and charset-unspecified text was scrubbed...
Name: pam_wrapper.c
URL: <http://lists.samba.org/pipermail/samba/attachments/20161214/1f29843b/pam_wrapper.c>
2020 Jul 29
1
kerberos ticket on login problem
...> "xrdp-sesman" (0xb4d6a0)
> Jul 29 09:33:53 brayden xrdp-sesman[1652]:
> pam_winbind(xrdp-sesman:auth): [pamh: 0xb4cac0] STATE:
> ITEM(PAM_AUTHTOK) = 0xb4fd80
> Jul 29 09:33:53 brayden xrdp-sesman[1652]:
> pam_winbind(xrdp-sesman:auth): [pamh: 0xb4cac0] STATE: ITEM(PAM_CONV)
> = 0xb47530
> Jul 29 09:33:53 brayden xrdp-sesman[1652]:
> pam_winbind(xrdp-sesman:auth): getting password (0x000013d1)
> Jul 29 09:33:53 brayden xrdp-sesman[1652]:
> pam_winbind(xrdp-sesman:auth): pam_get_item returned a password
> Jul 29 09:33:53 brayden xrdp-sesman[1652]:...
2018 Jul 24
0
Failed to establish your Kerberos Ticket cache due time differences with the domain controller
...winbind(sshd:auth): [pamh: 0x1022c38] STATE: ITEM(PAM_RHOST) = "192.168.2.240" (0x102c028)
Jul 24 10:13:18 pi-dc sshd[865]: pam_winbind(sshd:auth): [pamh: 0x1022c38] STATE: ITEM(PAM_AUTHTOK) = 0x1021ab8
Jul 24 10:13:18 pi-dc sshd[865]: pam_winbind(sshd:auth): [pamh: 0x1022c38] STATE: ITEM(PAM_CONV) = 0x102c068
Jul 24 10:13:18 pi-dc sshd[865]: pam_winbind(sshd:auth): getting password (0x00001389)
Jul 24 10:13:18 pi-dc sshd[865]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul 24 10:13:18 pi-dc sshd[865]: pam_winbind(sshd:auth): Verify user 'roy'
Jul 24 10:13:18 pi-dc sshd...
2017 Mar 13
1
pam_winbind with trusted domain
...0)
sshd[9569]: pam_winbind(sshd:auth): [pamh: 0x7fc74c2cad40] STATE: ITEM(PAM_RHOST) = "192.168.1.1" (0x7fc74c2e15d0)
sshd[9569]: pam_winbind(sshd:auth): [pamh: 0x7fc74c2cad40] STATE: ITEM(PAM_AUTHTOK) = 0x7fc74c2caec0
sshd[9569]: pam_winbind(sshd:auth): [pamh: 0x7fc74c2cad40] STATE: ITEM(PAM_CONV) = 0x7fc74c2e0cf0
sshd[9569]: pam_winbind(sshd:auth): getting password (0x00001389)
sshd[9569]: pam_winbind(sshd:auth): pam_get_item returned a password
sshd[9569]: pam_winbind(sshd:auth): Verify user 'DOMREMOTE\testuser'
sshd[9569]: pam_winbind(sshd:auth): PAM config: krb5_ccache_type '...
2020 Jul 28
2
kerberos ticket on login problem
I'm experimenting with smb + winbind.
My host is joined to AD and I can login to my host fine using my AD
credentials via SSH.?? The only issue is that I don't get a Kerberos
ticket generated.
In /etc/security/pam_winbind.conf I have:
krb5_auth = yes
krb5_ccache_type = KEYRING
In /etc/krb5.conf, I also have:
default_ccache_name = KEYRING:persistent:%{uid}
Using wbinfo -K jas, then
2018 Jul 24
2
Failed to establish your Kerberos Ticket cache due time differences with the domain controller
I did re-read the whole thread again.
Im running out of options..
When i look at :
https://wiki.samba.org/index.php/PAM_Offline_Authentication
You can do these last checks.
Run the : Testing offline authentication as show on the wiki.
Debian normaly does not have /etc/security/pam_winbind.conf, check if its there if so backup it remove it.
Check if these packages are installed.
2004 Dec 28
2
LinuxPAM and sshd: changing conversation function doesn't work but claims to.
...until quite late in the login process, this function is only used
for pam_chauthtok() in some cases, and always after sshd has forked to
set up for the user's shell.
The code for the chauthtok looks like this (from OpenSSH 3.8.1p1's
do_pam_chauthtok() in auth-pam.c):
static struct pam_conv tty_conv = { pam_tty_conv, NULL };
[...]
sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
(const void *)&tty_conv);
if (sshpam_err != PAM_SUCCESS)
fatal("PAM: failed to set PAM_CONV: %s",
pam_strerror(sshpam_handle, sshpam_err));
debug...
2003 Aug 24
12
[Bug 423] Workaround for pw change in privsep mode (3.5.p1)
http://bugzilla.mindrot.org/show_bug.cgi?id=423
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
OtherBugsDependingO| |627
nThis| |
Status|NEW |ASSIGNED
------- Additional
2001 Apr 30
0
Warning messages compiling --with-pam - pampass.c and pass_check.c
...ypted) == 0);
673 #endif /* HAVE_CRYPT */
I changed "ifndef" to "ifdef" and the message went away.
In pampass.c, I can't really tell, since I'm not sure what this code
section
is supposed to do, define a struct? init a struct? both?:
127
128 static struct pam_conv PAM_conversation = {
129 &PAM_conv,
130 NULL
131 };
132
Can anyone check this and let me know?
thanks
Dennis
2011 Aug 08
0
[PATCH] check admin password for upgrade verification
...lf):
auth = PAM.pam()
auth.start("passwd")
- auth.set_item(PAM.PAM_USER, "root")
+ auth.set_item(PAM.PAM_USER, "admin")
global current_password
current_password = self.current_password.value()
auth.set_item(PAM.PAM_CONV, pam_conv)
@@ -590,7 +590,7 @@ class NodeInstallScreen:
self.root_password_1 = Entry(15,password = 1)
self.root_password_2 = Entry(15,password = 1)
- if pwd_set_check("root"):
+ if pwd_set_check("admin"):
elements.setField(Label(&qu...
2009 Sep 08
1
openssh, pam, challenge-response problem
...and waits again for username and this time for challenge-response.
Pam_radius use pam->conv function, retrieved with
pam_get_item(PAM_COM), with challenge-request and type
PAM_PROMPT_ECHO_ON, to present the challenge-request to user and to
retrieve the challenge-response.
OpenSSH sets the PAM_CONV function to sshpam_passwd_conv() (defined in
pam_auth.c). But this function doesn't have implemented the
PAM_PROMPT_ECHO_ON flavor, and returns the PAM_CONV_ERROR :-(
It should be possible to implement the PAM_PROMPT_ECHO_ON conversation
either with read()/write() or with fdopen()/fprintf(...
2013 Nov 28
4
SSH - Winbind and Keybased Auth
...quot;ssh" (0x7f6b8268dbd0)
Nov 28 17:34:58 testbox01 sshd[26078]: pam_winbind(sshd:account): [pamh: 0x7f6b82683650] STATE: ITEM(PAM_RHOST) = "mycomputer.domain.local" (0x7f6b82684610)
Nov 28 17:34:58 testbox01 sshd[26078]: pam_winbind(sshd:account): [pamh: 0x7f6b82683650] STATE: ITEM(PAM_CONV) = 0x7f6b82683810
Nov 28 17:34:58 testbox01 sshd[26078]: pam_winbind(sshd:account): user 'nathan' granted access
Nov 28 17:34:58 testbox01 sshd[26078]: pam_winbind(sshd:account): [pamh: 0x7f6b82683650] LEAVE: pam_sm_acct_mgmt returning 0 (PAM_SUCCESS)
Nov 28 17:34:58 testbox01 sshd[26078]:...
2003 Oct 28
2
Privilege separation
...@@ -500,6 +500,7 @@
sshpam_free_ctx
};
+#ifndef DISABLE_PRIVSEP
KbdintDevice mm_sshpam_device = {
"pam",
mm_sshpam_init_ctx,
@@ -507,6 +508,7 @@
mm_sshpam_respond,
mm_sshpam_free_ctx
};
+#endif /* DISABLE_PRIVSEP */
/*
* This replaces auth-pam.c
@@ -673,8 +675,10 @@
pam_conv.conv = pam_chauthtok_conv;
pam_conv.appdata_ptr = NULL;
+#ifndef DISABLE_PRIVSEP
if (use_privsep)
fatal("Password expired (unable to change with privsep)");
+#endif /* DISABLE_PRIVSEP */
sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
(const void *)&pam_conv);
if...
2014 Jan 02
2
pam_winbind fails to authenticate domain users on my debian wheezy domain member servers
...7f1d54cb2030] STATE: ITEM(PAM_RHOST) = "192.168.0.107" (0x7f1d54cb21b0)
Jan 2 12:23:55 websrv sshd[3541]: pam_winbind(sshd:auth): [pamh:
0x7f1d54cb2030] STATE: ITEM(PAM_AUTHTOK) = 0x7f1d54ca83e0
Jan 2 12:23:55 websrv sshd[3541]: pam_winbind(sshd:auth): [pamh:
0x7f1d54cb2030] STATE: ITEM(PAM_CONV) = 0x7f1d54cb2210
Jan 2 12:23:55 websrv sshd[3541]: pam_winbind(sshd:auth): getting password
(0x00001189)
Jan 2 12:23:55 websrv sshd[3541]: pam_winbind(sshd:auth): pam_get_item
returned a password
Jan 2 12:23:55 websrv sshd[3541]: pam_winbind(sshd:auth): Verify user
'georg'
Jan 2 12:23:...
2002 Apr 26
0
PAM keyboard-interactive
...t;
-#include "ssh.h"
-#include "ssh2.h"
#include "auth.h"
-#include "auth-pam.h"
-#include "packet.h"
#include "xmalloc.h"
-#include "dispatch.h"
#include "log.h"
+#include "monitor_wrap.h"
-static int do_pam_conversation_kbd_int(int num_msg,
- const struct pam_message **msg, struct pam_response **resp,
- void *appdata_ptr);
-void input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt);
-
-struct {
- int finished, num_received, num_expected;
- int *prompts;
- struct pam_response *respon...