Displaying 5 results from an estimated 5 matches for "pam_perm_denied".
2001 Oct 26
1
PAM session cleanup on Sol8 with v2.9.9p2
In do_pam_cleanup_proc(), there are 3 calls to PAM:
1) pam_close_session() - do lastlog stuff
2) pam_setcred(PAM_DELETE_CRED) - delete credentials
3) pam_end() - close PAM
It appears that pam_setcred() always fails with the error PAM_PERM_DENIED.
This is due to a check done in pam_unix.so to not allow a caller with euid 0
to even try to delete their SECURE_RPC credentials. When sshd calls
pam_setcred() to delete the credentials, evidently, it is running with
euid 0, so the checks in pam_unix.so guarantee failure - which means the
user'...
2007 Jun 05
2
pam_ldap-184 compile error
...error: `PAM_SUCCESS' undeclared (first use in this function)
pam_ldap.c: At top level:
pam_ldap.c:2347: error: syntax error before '*' token
pam_ldap.c: In function `_service_ok':
pam_ldap.c:2353: error: `session' undeclared (first use in this function)
pam_ldap.c:2355: error: `PAM_PERM_DENIED' undeclared (first use in
this function)
pam_ldap.c:2358: warning: implicit declaration of function `pam_get_item'
pam_ldap.c:2358: error: `pamh' undeclared (first use in this function)
pam_ldap.c:2358: error: `PAM_SERVICE' undeclared (first use in this function)
pam_ldap.c:2358: wa...
2020 Sep 08
23
[Bug 3210] New: Confusing errors when pam_acct_mgmt() fails
...bug #1188 introduced an unconditional override of return
value from pam_acct_mgmt(), setting PAM_ACCT_EXPIRED on any error from
account step.
It could have been 15 years ago, when there were not any other reasons
why this function could fail, but these days, there are at least
PAM_USER_UNKNOWN and PAM_PERM_DENIED (from Fedora 32 man pages). In
these cases, openssh goes into unexpected code paths giving confusing
error messages, such as:
pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0
tty=ssh ruser= rhost=client user=useruser
debug1: do_pam_account: called
pam_sss(sshd:account): Access den...
2004 Jan 21
2
PAM auth stage rejection not working
Hi,
I have an auth module for PAM that I wrote a few years ago called
pam_vsd.so. The idea is that a user must have a certain privilege
before they can successfully authenticate. Without the privilege the
PAM module will return PAM_PERM_DENIED.
However I find that in OpenSSH 3.7.1p2, I can easily subvert this check
simply by hitting return 3 times on connection i.e.
[nick at localhost pam.d]$ ssh nick at host.dsvr.net
Server host.dsvr.net
Password: <hit return>
Password: <hit return>
Password: <hit return>
nick a...
2011 Aug 19
1
Password sync in 3.6.0 on OS X 10.7, Lion
My company, which is a Mac-heavy shop in the printing industry, needed
to migrate to a faster file server. As our directory trees are very
large, both Samba and Netatalk were bogging down badly on our Linux
server (Samba, due to heavy CPU usage during directory listings - the
case-sensitive file system issue, and Netatalk because the cnid db was
getting too big).
Our solution was to switch to a