search for: pam_open_sess

...ts in LDAP. Since the accounts are created through a web interface on another server home directories on the mail server don't get created automatically. There's the handy pam module pam_mkhomedir.so to automagically create home directories, but unfortunatly Dovecot wasn't calling pam_open_session to run the session setup pam modules. I made a small patch to passdb-pam.c to call pam_open_session between pam_acct_mgmt and pam_get_item and now I my home dirs are automagically created and everyone is happy. So, I figured I'd share the little patch in case someone else finds it us...

On Mon, 22 Nov 1999, Philip Brown wrote: > [ Marc G. Fournier writes ] > > debug("PAM_retval(open_session) about to run"); > > pam_retval = pam_open_session((pam_handle_t *)pamh, 0); > > > > > =========================================== > > > > so, its looking like I'm authenticated properly, but when trying to set up > > the whole environment, its failing...? anyone know how I should go about > > debug...

...pdate ? (just to make life a little easier for us rpm'ers) -- Chris L. Franklin -- ----- Original Message ----- From: "Chris L. Franklin" <cfranklin at nomadcf.com> To: <dovecot at dovecot.org> Sent: Sunday, January 30, 2005 1:49 PM Subject: RE: Dovecot doesn't call pam_open_session, thus dodging > This is great I've been wanting to get rid of my NFS mounts for some time and have just the user MailDirs be local to the web server. And this will help alot ! > > -- Chris L. Franklin -- > >> Message: 1 >> Date: Thu, 27 Jan 2005 16:08:28 -0700 &gt...

...ted > > through a web interface on another server home directories on the mail > > server don't get created automatically. There's the handy pam module > > pam_mkhomedir.so to automagically create home directories, but > > unfortunatly Dovecot wasn't calling pam_open_session to run the session > > setup pam modules. I made a small patch to passdb-pam.c to call > > pam_open_session between pam_acct_mgmt and pam_get_item and now I my > > home dirs are automagically created and everyone is happy. > > So, I figured I'd share the little p...

https://bugzilla.mindrot.org/show_bug.cgi?id=2399 Bug ID: 2399 Summary: openssh server should fatal out when pam_setcred and pam_open_session fail Product: Portable OpenSSH Version: 6.8p1 Hardware: Sparc OS: Solaris Status: NEW Severity: normal Priority: P5 Component: PAM support Assignee: unassigned-bugs at mindrot.org Reporte...

...unts for some time and have just the user MailDirs be local to the web server. And this will help alot ! -- Chris L. Franklin -- > Message: 1 > Date: Thu, 27 Jan 2005 16:08:28 -0700 > From: Nicolas Lopez <nlopez at espri.arizona.edu> > Subject: [Dovecot] Dovecot doesn't call pam_open_session, thus dodging > pam_mkhomedir > To: dovecot at dovecot.org > Message-ID: <41F9746C.8080707 at espri.arizona.edu> > Content-Type: text/plain; charset="iso-8859-1" > > I hit a small snag using Dovecot-imapd smoothly in my environment > with maildir and most...

http://bugzilla.mindrot.org/show_bug.cgi?id=1249 Summary: pam_open_session called with dropped privs Product: Portable OpenSSH Version: 4.4p1 Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org Reporte...

...maybe tackle this, and/or suggestion a route to take to fix? After doing some debugging, it looks like the problem is a seg fault at: sshd.c:void pam_cleanup_proc(void *context) =========================================== debug("PAM_retval(open_session) about to run"); pam_retval = pam_open_session((pam_handle_t *)pamh, 0); debug("PAM_retval(open_session) successful"); if (pam_retval != PAM_SUCCESS) { log("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); do_fake_authloop(username); } ===============================...

http://bugzilla.mindrot.org/show_bug.cgi?id=926 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO|994 | nThis| | ------- Additional Comments From dtucker at zip.com.au 2005-05-22 11:03 -------

Hello, all- Apparently, under Solaris (I can personally confirm SunOS 5.7 and 5.8), pam_open_session will generate a segfault if PAM_TTY is not set. The obvious symptom of this is that OpenSSH 2.9.9p2 will segfault on any operation that does not request a tty (do_exec_no_pty). Based on a quick google search, this seems to have been encountered by others, though the specific symptoms seem to h...

In OpenSSH 3.6.1p2, pam_open_session() ran with a conversation function, do_pam_conversation(), that fed text to the client. In OpenSSH 3.7.1p2, this is no longer the case: session modules run with a conversation function that just returns PAM_CONV_ERR. This means that simple session modules whose job involves printing text on the...

For root sessions pam_open_session is called, but not pam_close_session. sshd behavior is broken for root logins because if pam session is run from the child, close is never called due to exec: on open since use_privsep is not set, parent calls do_exec_pty(), which does not open session. then, it skips calling do_setuser...

..., Damien Miller wrote: > > > On Thu, 25 Oct 2001, Ed Phillips wrote: > > > > > > > What is the reasoning behind this? Do we want to see a lastlog entry for > > > > "ssh" whenever a user runs remote command? Do other OSes have > > > > pam_open_session that does more meaningful things than Solaris 8? > > > > Well... I guess the more I think about it, it's probably better to go > > > > ahead an call pam_open_session even for the non-interactive case since > > > > someone might want to implement a PAM mod...

https://bugzilla.mindrot.org/show_bug.cgi?id=1249 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dtucker at zip.com.au --- Comment #4 from Darren Tucker <dtucker at zip.com.au> 2008-06-15 05:27:49

...10:50 EDT 2001 : Last login: Fri Oct 12 13:10:52 2001 from starscream.cc.c : SunOS hola 5.7 Generic_106541-09 sun4u sparc SUNW,Ultra-60 : You have new mail. : benno[~] hola% : :Note that the last login time reported is two seconds after the connection :is initiated. It appears that this is because pam_open_session is called :before do_login. pam_open_session updates the lastlog file. When do_login :is called, it reads the already updated lastlog file and reports the time :of the session just started. To fix this, I moved the pam_open_session :call into do_login: : :--- session.c Fri Oct 12 13:05:58 2...

...s, but only on a non-interactive (ie no TTY) login. I think this behaviour was introduced with the patch cluster. First thing is that in debug mode, the debug at auth-pam.c:534 derefs tty which is null, and segfaults. This occurs in debug mode only and is easy to fix. The next problem is that pam_open_session now seems to fail when PAM_TTY is set to NULL. debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req exec debug1: PAM: setting PAM_TTY to "(null)" PAM: pam_open_session(): Can not make/remove entry for session The code from 3.6.1p2 is doesn...

.../lib/security/pam_unix.so.1 Sep 22 13:12:41 ldap1.udel.edu sshd[21223]: [ID 265225 local4.debug] load_function: successful load of pam_sm_setcred Sep 22 13:12:41 ldap1.udel.edu sshd[21224]: [ID 859314 local4.debug] pam_set_item(5) Sep 22 13:12:41 ldap1.udel.edu sshd[21224]: [ID 750988 local4.debug] pam_open_session() Sep 22 13:12:41 ldap1.udel.edu sshd[21224]: [ID 305314 local4.debug] load_modules: /usr/lib/security/pam_unix.so.1 Sep 22 13:12:41 ldap1.udel.edu sshd[21224]: [ID 265225 local4.debug] load_function: successful load of pam_sm_open_session Sep 22 13:12:41 ldap1.udel.edu sshd[21224]: [ID 770223 l...

...do_pam_account(void) } void -do_pam_session(void) -{ - sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, - (const void *)&null_conv); - if (sshpam_err != PAM_SUCCESS) - fatal("PAM: failed to set PAM_CONV: %s", - pam_strerror(sshpam_handle, sshpam_err)); - sshpam_err = pam_open_session(sshpam_handle, 0); - if (sshpam_err != PAM_SUCCESS) - fatal("PAM: pam_open_session(): %s", - pam_strerror(sshpam_handle, sshpam_err)); - sshpam_session_open = 1; -} - -void do_pam_set_tty(const char *tty) { if (tty != NULL) { @@ -611,7 +594,7 @@ is_pam_password_change_require...

A few things to keep in mind: - kbd-int should call pam_authenticate(), acct_mgmt(), chauthtok(), if required, setcred(PAM_ESTABLISH_CRED) and open_session() ALL during kbd-int so that modules in each of those PAM stacks can prompt the user (pam_open_session(), for example, may prompt a user with an informational message akin to the last login message) - all userauth methods should call pam_acct_mgmt() and force kbd-int, via partial userauth failure, if pam_acct_mgmt() returns PAM_NEW_AUTHTOK_REQD (password expired) - pam_setcred(PAM_ES...

http://bugzilla.mindrot.org/show_bug.cgi?id=1002 Summary: sshd does not report failed PAM session modules to the client side Product: Portable OpenSSH Version: 4.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs