search for: pam_error_msg

Displaying 20 results from an estimated 27 matches for "pam_error_msg".

2006 Oct 31
0
6388050 The message for successful password update is a PAM_ERROR_MSG
Author: gww Repository: /hg/zfs-crypto/gate Revision: e1da9875c35e62b7c88968d29eb9c649f1c885b2 Log message: 6388050 The message for successful password update is a PAM_ERROR_MSG Files: update: usr/src/lib/pam_modules/authtok_store/authtok_store.c
2004 Jan 12
1
PAM_ERROR_MSG and PAM_TEXT_INFO from modules
...could come up with is to write a new pam module similar to pam_nologin, mine is pam_noulogin. It works as both as an auth, and account module. It checks for /etc/noulogin and denies everyone except root and members of group wheel access when it exists, printing the contents of /etc/noulogin via a PAM_ERROR_MSG through the conversation mechanism. so that this would work with both pubkey and password auth I configured the module as a requisite account module, this works, ssh denies access when it should, but it does not print the contents of /etc/noulogin. that is a problem since to the users it looks li...
2018 Jun 12
16
[Bug 2876] New: PAM_TEXT_INFO and PAM_ERROR_MSG conversation not honoured during PAM authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=2876 Bug ID: 2876 Summary: PAM_TEXT_INFO and PAM_ERROR_MSG conversation not honoured during PAM authentication Product: Portable OpenSSH Version: 7.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: PAM support...
2003 Jun 20
1
Problems with conversation functions PAM + OpenSSH
...for bothering you with this problem, but I ca't find solutions. I write small PAM module, and I've got the problem with conversation function with OpenSSH 3.5p1. When the message style is PAM_PROMPT_ECHO_ON, or PAM_PROMPT_ECHO_OFF everything is allright. But when I use PAM_TEXT_INFO, or PAM_ERROR_MSG, ssh prints nothing on the client side. Does anyone know the reason of this, and how can I print messages to the user. Kuba ---------------------------------------------------------- Jakub Jurkiewicz kura at icm.edu.pl kura at charybda.icm.edu.pl jj176473 at zodiac.mimuw.edu.pl -------------...
2005 Apr 30
1
PAM_AUTH_ERR messages
Hi, There seems to be no way for PAM to inform a user why her ssh login attempt is being denied. Niether PAM_TEXT_INFO or PAM_ERROR_MSG conversation messages are passed on to the user by sshd unless the login is successful. This is causing great frustration for us at several sites where users can't figure out why their logins aren't working. Would a patch be accepted to display such text even on login failure with a coup...
2001 Oct 26
5
New password echoes on Sol8
I tried replacing readpassphrase() for v2.9.9p2 on Sol8 with a different version that just calls getpassphrase(). It appears to solve the echo problem when the user tries to login in interactive mode and needs to change their password. Can anyone else try this with v2.9.9p2 on Solaris? Be sure to add: #define HAVE_GETPASSPHRASE ... to config.h when compiling (since it's not a configurable
2018 Jul 23
3
Failed to establish your Kerberos Ticket cache due time differences with the domain controller
Thanks Louis. Results below. > Hai, > > I've reading this thread more closely. > > I suggest you try the followoing. > > Check the servers hardware clock in the bios first. > Set these within 5 min, if they are not about the same. > There no RTC in the pi; the other DC is running in a VM with RTC set to UTC. I have disabled the guest from getting the time
2003 May 02
6
openssh 3.6.1_p2 problem with pam (fwd)
----- Forwarded message from Andrea Barisani <lcars at infis.univ.trieste.it> ----- Date: Fri, 2 May 2003 14:01:33 +0200 From: Andrea Barisani <lcars at infis.univ.trieste.it> To: openssh at openssh.com Subject: openssh 3.6.1_p2 problem with pam Hi, I've just updated to openssh 3.6.1_p2 and I notice this behaviour: # ssh -l lcars mybox [2 seconds delay] lcars at mybox's
2000 Aug 24
0
patch for a few things
...-DSSHD_PAM_SERVICE="ssh"), and I couldn't tell which the particular binary was looking for. Doing a 'strings' on the binary didn't help. :) So, I added a message to log this on startup, when compiled with PAM support. - in auth-pam.c:pamconv(), add support for PAM_ERROR_MSG. Also, in addition to appending messages to pam_msg, it sends errors and text_infos to the client as debug messages, and also log()'s error messages. I had a situation where a PAM module was trying to send an error to the user, but it was never being displayed. I also figured...
2020 Apr 25
0
[Bug 3154] New: Issue with showing info and error messages from a blocking PAM module
...gt; https://bugzilla.mindrot.org/attachment.cgi?id=3388&action=edit PAM module that demonstrates the problem I've stumbled across an apparent issue with showing messages using PAM_TEXT_INFO style from a PAM module that blocks for (non-keyboard) user input. The same thing happens when using PAM_ERROR_MSG, but PAM_PROMPT_ECHO_OFF/ON work correctly. Attached is an example module that works properly with sudo, but shows both messages at the same time, at the end of the PAM stack execution, when trying to log into a server running sshd. Note that nothing is displayed from previous PAM modules either,...
2002 Jun 27
1
[PATCH] kbdintctxt->nreq test
If the info_response code is going to test that the # of responses is < 100, then the info_request code should check that < 100 prompts are sent. It would be rude to send 101 prompts and then fail when the responses come back. I actually think the test should be removed altogether, the limit seems quite arbitrary, but here is a patch to not send > 100 prompts. With this patch, the test
2018 Jul 23
0
Failed to establish your Kerberos Ticket cache due time differences with the domain controller
...tem time. OK, I know where the message is coming from ;-) samba-master/nsswitch/pam_winbind.c line 1441 static void _pam_warn_krb5_failure(struct pwb_context *ctx, const char *username, uint32_t info3_user_flgs) { if (PAM_WB_KRB5_CLOCK_SKEW(info3_user_flgs)) { _make_remark(ctx, PAM_ERROR_MSG, _("Failed to establish your Kerberos Ticket cache " "due time differences\n" "with the domain controller. " "Please verify the system time.\n")); _pam_log_debug(ctx, LOG_DEBUG, "User %s: Clock skew when...
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
...+ free(reply); + return PAM_CONV_ERR; + } + reply[count].resp = xstrdup(pampasswd); + } else + reply[count].resp = xstrdup(read_passphrase((*msg)[count].msg, 1)); reply[count].resp_retcode = PAM_SUCCESS; - reply[count].resp = xstrdup(pampasswd); break; + case PAM_ERROR_MSG: case PAM_TEXT_INFO: - reply[count].resp_retcode = PAM_SUCCESS; + if ((*msg)[count].msg != NULL) { + if (pamstate == INITIAL_LOGIN) + pam_msg_cat((*msg)[count].msg); + else { + fputs((*msg)[count].msg, stderr); + fputs("\n", stderr); + } + } re...
2003 Sep 23
5
PAM sessions and conversation functions
In OpenSSH 3.6.1p2, pam_open_session() ran with a conversation function, do_pam_conversation(), that fed text to the client. In OpenSSH 3.7.1p2, this is no longer the case: session modules run with a conversation function that just returns PAM_CONV_ERR. This means that simple session modules whose job involves printing text on the user's terminal no longer work: pam_lastlog, pam_mail, and
2003 Oct 12
4
[PATCH]: Call pam_chauthtok from keyboard-interactive.
Hi All. This patch calls pam_chauthtok() to change an expired password via PAM during keyboard-interactive authentication (SSHv2 only). It is tested on Redhat 8 and Solaris 8. In theory, it should have simply been a matter of calling pam_chauthtok with the PAM_CHANGE_EXPIRED_AUTHTOK flag, it'd only change the password is if it's expired, right? From the Solaris pam_chauthtok man page:
2007 Jun 05
2
pam_ldap-184 compile error
...function) pam_ldap.c:3464: warning: dereferencing type-punned pointer will break strict-aliasing rules pam_ldap.c:3476: error: `PAM_IGNORE' undeclared (first use in this function) pam_ldap.c:3476: error: `PAM_AUTHINFO_UNAVAIL' undeclared (first use in this function) pam_ldap.c:3482: error: `PAM_ERROR_MSG' undeclared (first use in this function) pam_ldap.c:3482: warning: passing arg 1 of `_conv_sendmsg' from incompatible pointer type pam_ldap.c:3483: error: `PAM_PERM_DENIED' undeclared (first use in this function) pam_ldap.c:3486: error: `PAM_PRELIM_CHECK' undeclared (first use in th...
1998 Oct 07
1
Re: sshd and PAM [summary]
-----BEGIN PGP SIGNED MESSAGE----- Hi, I''ve got several replies, thank you for them. Let me summarize: o Many people say there is a PAMified version of ssh available at ftp://ftp.replay.com/pub/crypto/redhat/SRPMS (the source) ftp://ftp.replay.com/pub/crypto/redhat/i386 (Intel binaries) (there are analogous paths for the other architectures). The packages are made by Jan
2003 Jan 10
0
Samba-2.2.7a Compile error --with-pam
...m_winbind.c:331: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:331: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:331: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:331: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:334: `PAM_ERROR_MSG' undeclared (first use in this function) nsswitch/pam_winbind.c:348: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:348: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:348: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:348: dereferencing...
2002 Jun 28
2
Error when configuring pam on samba (MANDRAKE 8.2 and before)
...m_winbind.c:331: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:331: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:331: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:331: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:334: `PAM_ERROR_MSG' undeclared (first use in this functi on) nsswitch/pam_winbind.c:348: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:348: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:348: arithmetic on pointer to an incomplete type nsswitch/pam_winbind.c:348: dereferencin...
2002 Apr 26
0
PAM keyboard-interactive
...context_pam2.num_expected++; + pam_send(ctxt, "p%s", msg[i]->msg); + resp[i]->resp = pam_receive(ctxt); + break; + case PAM_PROMPT_ECHO_ON: + pam_send(ctxt, "P%s", msg[i]->msg); + resp[i]->resp = pam_receive(ctxt); break; - case PAM_TEXT_INFO: case PAM_ERROR_MSG: - default: - /* Capture all these messages to be sent at once */ - message_cat(&text, PAM_MSG_MEMBER(msg, i, msg)); + /*pam_send(ctxt, "e%s", msg[i]->msg);*/ break; + case PAM_TEXT_INFO: + /*pam_send(ctxt, "i%s", msg[i]->msg);*/ + break; + default: +...