search for: pam_get_authtok

Hello, I found that in the new FreeBSD 9.2 (probably in 10 also) updated OpenPAM sources. The big embarrassment was in pam_get_authtok.c. The problem is that even without a valid SSH login it's possible to know the server's hostname. az at az:/home/az % ssh 1.2.3.4 Password for az at real.hostname.com: Changes made by "des": http://www.openpam.org/changeset/510/openpam/trunk/lib I really do not think that this...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Can anyone reproduce this on a Solaris 8 system with 4.2p1: openssh is configured to use PAM and sshd_config has "UsePam" set to "yes" pam.conf has something like this: other auth required pam_get_authtok other auth sufficient pam_krb5.so.1 use_first_pass other auth required pam_unix.so.1 use_first_pass Now, If I log in via ssh as a user who has a Kerberos principal, everything works just fine. If a local account is used, sshd segfaults. If I remove the pam_krb5.so.1 reference auth line, the local...

...ption(): returning NULL Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Created principal: woodsb02 Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Done krb5_parse_name() Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Got principal: woodsb02 at WOODS.AM Feb 11 09:20:40 mail auth: in pam_get_authtok(): entering Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_RHOST Feb 11 09:20:40 mail auth: in pam_get_item(): returning PAM_SUCCESS Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_HOST Feb 11 09:20:40 mail auth: in pam_get_item(): returning PAM_SUCCESS Feb 11 09:20:40 mail...

...eb 11 09:20:40 mail auth: in pam_sm_authenticate(): Created principal: > woodsb02 > Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Done krb5_parse_name() > Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Got principal: > woodsb02 at WOODS.AM > Feb 11 09:20:40 mail auth: in pam_get_authtok(): > entering > Feb 11 09:20:40 mail auth: in pam_get_item(): entering: > PAM_RHOST > Feb 11 09:20:40 mail auth: in pam_get_item(): returning > PAM_SUCCESS > Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_HOST > Feb 11 09:20:40 mail auth: in pam_get_item(): returni...