search for: pam_handle_t

...d that it did not honor password expiration consistently with other Solaris login services. The patch below is against OpenSSH 2.2.0p1 and adds support for PAM password changes on expiration via pam_chauthtok(). A brief summary of changes: auth-pam.c: * change declaration of pamh to "static pam_handle_t *pamh", remove unnecessary casts "(pam_handle_t *)" * fix typo in NEW_AUTHTOK_MSG * extend pamconv() to support real interactive prompting and display, in addition to the kludge to feed the user's password into PAM during initial login * add function do_pam_chauthtok() to call pa...

Trying 2.1.1p2 on HP-UX 11 (trusted system) I get: Jul 3 14:24:53 robinson sshd[1236]: debug: Encryption type: 3des Jul 3 14:24:53 robinson sshd[1236]: debug: Received session key; encryption turned on. Jul 3 14:24:53 robinson sshd[1236]: debug: Installing crc compensation attack detector. Jul 3 14:24:53 robinson sshd[1236]: debug: Starting up PAM with username "stevesk" Jul 3

On Mon, 22 Nov 1999, Philip Brown wrote: > [ Marc G. Fournier writes ] > > debug("PAM_retval(open_session) about to run"); > > pam_retval = pam_open_session((pam_handle_t *)pamh, 0); > > > > > =========================================== > > > > so, its looking like I'm authenticated properly, but when trying to set up > > the whole environment, its failing...? anyone know how I should go about > > debugging this? >...

...=2 -fpie -pie -Wl,-z,relro,-z,now -shared -fpic -o pam_cifscreds.so pam_cifscreds.c cifskey.c resolve_host.c util.c -lpam -lkeyutils pam_cifscreds.c: In function ?cleanup_free_password?: pam_cifscreds.c:143:38: warning: unused parameter ?ph? [-Wunused-parameter] cleanup_free_password (pam_handle_t *ph, void *data, int pam_end_status) ^ pam_cifscreds.c:143:58: warning: unused parameter ?pam_end_status? [-Wunused-parameter] cleanup_free_password (pam_handle_t *ph, void *data, int pam_end_status)...

-----BEGIN PGP SIGNED MESSAGE----- Hi, I''ve got several replies, thank you for them. Let me summarize: o Many people say there is a PAMified version of ssh available at ftp://ftp.replay.com/pub/crypto/redhat/SRPMS (the source) ftp://ftp.replay.com/pub/crypto/redhat/i386 (Intel binaries) (there are analogous paths for the other architectures). The packages are made by Jan

...do_pam_auth(const char *user, const char *password); void do_pam_account(char *username, char *remote_user); void do_pam_session(char *username, char *ttyname); +void do_pam_setcred(); void pam_cleanup_proc(void *context); static struct pam_conv conv = { @@ -230,6 +231,12 @@ PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); } + pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_DELETE_CRED); + if (pam_retval != PAM_SUCCESS) { + log("Cannot delete credentials: %.200s", + PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); + } + pam_retval = pam_end((pam_handle_t *)pamh, pam_...

An embedded and charset-unspecified text was scrubbed... Name: pam_wrapper.c URL: <http://lists.samba.org/pipermail/samba/attachments/20161214/1f29843b/pam_wrapper.c>

...3 00:05:35 kivinen * Added ifdefs around password expiration and inactivity checks, * because some systems dont have sp_expire and sp_inact fields. @@ -525,6 +528,14 @@ char *ticket = "none\0"; #endif /* KERBEROS */ +#ifdef HAVE_PAM +#include <security/pam_appl.h> +struct pam_handle_t *pamh=NULL; +char *pampasswd=NULL; +int retval; +int origretval; +#endif /* HAVE_PAM */ + /* Server configuration options. */ ServerOptions options; @@ -620,7 +631,56 @@ void do_child(const char *command, struct passwd *pw, const char *term, const char *display, const char *auth_proto,...

...ine NEW_AUTHTOK_MSG \ - "Warning: You password has expired, please change it now" - /* Callbacks */ static int pamconv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr); @@ -175,11 +172,17 @@ pam_retval = pam_acct_mgmt((pam_handle_t *)pamh, 0); switch (pam_retval) { - case PAM_SUCCESS: + case PAM_SUCCESS: /* This is what we want */ break; - case PAM_NEW_AUTHTOK_REQD: - pam_msg_cat(NEW_AUTHTOK_MSG); +...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi OpenSSH'ers, I am emailing you to ask is it possible to record failed passwords attempts and log them to syslog? Are there patches available for this? Has anyone managed to do this before? Are there alternitive methods? Many Thanks, A - -- Alan Neville, Postgraduate Education Officer, DCU Students' Union 2009/2010, BS.c Computer

...src/auth/passdb-pam.c --- dovecot-0.99.10.6.deborig/src/auth/passdb-pam.c 2003-11-08 06:17:51.000000000 -0800 +++ dovecot-0.99.10.6/src/auth/passdb-pam.c 2004-07-08 18:32:52.000000000 -0700 @@ -166,13 +166,23 @@ static int pam_userpass_conv(int num_msg return PAM_SUCCESS; } -static int pam_auth(pam_handle_t *pamh, const char *user, const char **error) +static int pam_auth(pam_handle_t *pamh, const char *user, + const struct ip_addr *remote_ip, const char **error) { void *item; int status; + const char *addr; *error = NULL; + if ((addr = net_ip2addr(remote_ip)) + && (status = pam_set...

..., and/or suggestion a route to take to fix? After doing some debugging, it looks like the problem is a seg fault at: sshd.c:void pam_cleanup_proc(void *context) =========================================== debug("PAM_retval(open_session) about to run"); pam_retval = pam_open_session((pam_handle_t *)pamh, 0); debug("PAM_retval(open_session) successful"); if (pam_retval != PAM_SUCCESS) { log("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); do_fake_authloop(username); } ========================================== PAM...

..., which sends a pam handler with null passwords for authentication. pls refer source/auth/auth.c and source/auth/pampass.c which has functions like smb_pam_accountcheck in which pam_acctmgmt() sending a pamhandler pointer pamh. The samba code has pointer pamh referring to the sturucture called pam_handle_t . For the structure pam_handle_t , we found a type definition pam_handle in security/pam_appl.h . and no more information in pam_handle is available. Is the solaris pam modules lacks some files or our installation of solaris lacks some files? Any suggestions to proceed with pam authentication woul...

...a cast sshd.c:231: too many arguments to function `pam_strerror' ... more of these... make: *** [sshd.o] Error 1 >From the 4.2 box: grep pam_strerror _pam_types.h extern const char *pam_strerror(int errnum); >From a 5.2 box: grep pam_strerror _pam_types.h extern const char *pam_strerror(pam_handle_t *pamh, int errnum); If I do the obvious patch of just removing the pam_handle parameter in sshd.c, there are still non-pam warnings, and compilation breaks: gcc -g -O2 -Wall -I/usr/local/ssl/include -DETCDIR=\"/etc/ssh\" -DSSH_PROGRAM=\"/usr/bin/ssh\" -DASKPASS_PROGRAM=\"/...

..."Warning: You password has expired, please change it now" +static void start_pam2(struct passwd *pw, int auth_type); + /* Callbacks */ static int pamconv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr); @@ -53,6 +56,7 @@ static struct pam_handle_t *pamh = NULL; static const char *pampasswd = NULL; static char *pam_msg = NULL; +static int current_auth_type=-1; /* PAM conversation function. This is really a kludge to get the password */ /* into PAM and to pick up any messages generated by PAM into pamconv_msg */ @@ -61,6 +65,7 @@ { st...

Hi, The main (and probably the only) use case of this PAM module is to let sudo authenticate users via their ssh-agent, therefore without having to type any password and without being tempted to use the NOPASSWD sudo option for such convenience. The principle is originally implemented by an existing module [0][1] and many pages that explain how to use it for such purpose can be found online.

...hich might in principle + * also need to be protected by mutexes. But none of the others is a + * handle into an external black box (like PAM). And in the current state + * of the code, none of these global variables (even sshpam_handle) is + * ever changed from more than one thread. + */ +static pam_handle_t *grab_pamh(int set, pam_handle_t *value) +{ + pid_t pid_holder; + /* It's not safe to use pthread structures created for our parent + * (if we've been forked our pid will have changed). Reinitialize + * everything if this has happened (we know beforehand that these + * structures can...

...PAM headers for brokenness otp_CFLAGS="$CFLAGS" # save CFLAGS="$CFLAGS $EXTRA_CFLAGS -Werror" # Linux-PAM has (incorrectly) overdone const AC_MSG_CHECKING(for extra const in PAM headers) AC_TRY_COMPILE([#include <security/pam_appl.h>], [ pam_handle_t *pamh = NULL; char *item; pam_get_item(pamh, PAM_SERVICE, (void **) &item); ], [ AC_MSG_RESULT(no) DEFINES="$DEFINES -DPAM_GET_CONST=" ], [ AC_M...

I'm working with the latest code (pre14) with some patches I've made to get a clean compile. Running the sshd I get a segfault inside of pam_open_session. Figured I'd get a look at the data structures. I can't find them. There's a #typedef struct pam_handle pam_handle_t; in security/pam_appl.h, but I can't find a reference for pam_handle. Am I on drugs? Also, has anyone tried turning off pam for testing. Oh, is that ugly. It works, and I get a connection, but there's problems in the pty mapping that I couldn't get fixed with an stty command. Ben

...tication. > My module was written to eleminate the need for a patched ssh daemon so > I was not happy to see that PAM_RHOST was not set until do_pam_account() > which is called from within an 'if (authenticated)' in auth[12].c > What I would like to see is a > pam_set_item((pam_handle_t *)pamh, PAM_RHOST, get_canonical_hostname()); > as soon as possible in the code, before authentication. Ciao Christian -- Debian Developer and Quality Assurance Team Member 1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853 -------------- next part ------------...