Displaying 20 results from an estimated 25 matches for "pam_prompt_echo_off".
2002 May 30
1
3.2.3p1/auth-pam.c: PAM_PROMPT_ECHO_OFF in INITIAL_LOGIN pam state
I have been unable to use any challenge/response based pam module (eg.
pam_opie.so) for ssh authentication, because the challenge (needed to
compute an appropriate response) is never shown during login.
do_pam_conversation() in auth-pam.c will not print any prompts while in the
INITIAL_LOGIN state, queueing them for later printing.
Should users be able to override this (usually correct)
2001 Oct 09
1
TISviaPAM patch
Here is a patch that does TIS auth via PAM. It's controlled by a switch
in the sshd_config. You'd use it by having a PAM module that sets
PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs.
The patch is against the 2.9.9p2 distribution.
I'm not on the list, a reply if this patch is accepted would be great.
(But not required, I know some folks have a distaste for
2009 Dec 01
1
Password Change from Windows machines ("You do not have permission to change your password")
...asschange_conv(284)
smb_pam_passchange_conv: starting converstation for 1 messages
[2009/11/30 23:23:37, 10] auth/pampass.c:smb_pam_passchange_conv(312)
smb_pam_passchange_conv: Processing message 0
[2009/11/30 23:23:37, 10] auth/pampass.c:smb_pam_passchange_conv(346)
smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: PAM said: New password:
[2009/11/30 23:23:37, 10] auth/pampass.c:smb_pam_passchange_conv(352)
smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: trying to match |*enter
new * password:*| to |New password:|
[2009/11/30 23:23:37, 10] auth/pampass.c:smb_pam_passchange_conv(352)
smb_pam_passchange_con...
2001 Oct 26
5
New password echoes on Sol8
I tried replacing readpassphrase() for v2.9.9p2 on Sol8 with a different
version that just calls getpassphrase(). It appears to solve the echo
problem when the user tries to login in interactive mode and needs to
change their password.
Can anyone else try this with v2.9.9p2 on Solaris? Be sure to add:
#define HAVE_GETPASSPHRASE
... to config.h when compiling (since it's not a configurable
2002 Feb 15
0
[Bug 118] New: Implement TIS (protocol 1) via PAM
...uot;);
+ response = packet_get_string(&dlen);
+ debug("got response '%s'", response);
+ packet_integrity_check(plen, 4 + dlen, type);
+ reply[count].resp = xstrdup(response);
+ reply[count].resp_retcode = PAM_SUCCESS;
+ xfree(response);
+ break;
+
case PAM_PROMPT_ECHO_OFF:
- if (__pampasswd == NULL) {
+ if (__pampasswd == NULL ||
+ pamprompt != PAM_PROMPT_ECHO_OFF) {
free(reply);
return PAM_CONV_ERR;
}
@@ -198,8 +236,8 @@
}
}
-/* Attempt password authentation using PAM */
-int auth_pam_password(struct passwd *pw, const char *passwo...
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
...ITIAL_LOGIN;
+/* remember whether pam_acct_mgmt() returned PAM_NEWAUTHTOK_REQD */
+static int password_change_required = 0;
+
+/*
+ * PAM conversation function.
+ * There are two states this can run in.
+ *
+ * INITIAL_LOGIN mode simply feeds the password from the client into
+ * PAM in response to PAM_PROMPT_ECHO_OFF, and collects output
+ * messages with pam_msg_cat(). This is used during initial
+ * authentication to bypass the normal PAM password prompt.
+ *
+ * OTHER mode handles PAM_PROMPT_ECHO_OFF with read_passphrase(prompt, 1)
+ * and outputs messages to stderr. This mode is used if pam_chauthtok()
+ *...
2003 Jun 20
1
Problems with conversation functions PAM + OpenSSH
Hello
sorry, for bothering you with this problem, but I ca't find solutions.
I write small PAM module, and I've got the problem with conversation
function with OpenSSH 3.5p1.
When the message style is PAM_PROMPT_ECHO_ON, or PAM_PROMPT_ECHO_OFF
everything is allright. But when I use PAM_TEXT_INFO, or PAM_ERROR_MSG,
ssh prints nothing on the client side. Does anyone know the reason of
this, and how can I print messages to the user.
Kuba
----------------------------------------------------------
Jakub Jurkiewicz
kura at icm.edu.pl
k...
2020 Apr 25
0
[Bug 3154] New: Issue with showing info and error messages from a blocking PAM module
...a.mindrot.org/attachment.cgi?id=3388&action=edit
PAM module that demonstrates the problem
I've stumbled across an apparent issue with showing messages using
PAM_TEXT_INFO style from a PAM module that blocks for (non-keyboard)
user input. The same thing happens when using PAM_ERROR_MSG, but
PAM_PROMPT_ECHO_OFF/ON work correctly.
Attached is an example module that works properly with sudo, but shows
both messages at the same time, at the end of the PAM stack execution,
when trying to log into a server running sshd.
Note that nothing is displayed from previous PAM modules either, i.e.
if I put pam_echo m...
2014 Oct 14
1
auth-worker goes wild
.../passdb-pam.c ti. okt. 14 12:02:28 2014
@@ -85,6 +85,8 @@
string = strdup(ctx->request->user);
if (string == NULL)
i_fatal_status(FATAL_OUTOFMEM, "Out of memory");
+ if (strlen(string) == 0)
+ i_fatal_status(FATAL_OUTOFMEM, "NO USER?");
break;
case PAM_PROMPT_ECHO_OFF:
/* Assume we're asking for password */
2022 Oct 10
1
[Bug 3481] New: PAM_TEXT_INFO messages are shown twice if they are the last conversation
...oftware;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
However, when I add a conversation "Press Enter to continue" of type
PAM_PROMPT_ECHO_OFF just before the PAM module returns, I get this:
$ ssh ascz at client.vm.scz-vm.net
(ascz at client.vm.scz-vm.net) Please sign in to:
https://sbs.scz-vm.net/weblogin/weblogin/fd0cc5e5-a0f4-4eb6-a14b-68196ed7110f
Verification code:
(ascz at client.vm.scz-vm.net) User admin has authenticated success...
2005 Jun 21
1
problem with pam_converse with openssh protocol version 1
...ately and I was
to write more strict authorization modules for pam. One of it works
asking for some kind of additional security string (for example pin from
some kind of token). It is done by pam module, which asks calling
application to do conversation for him:
prompt_msg.msg_style = PAM_PROMPT_ECHO_OFF;
prompt_msg.msg=strdup("Enter PIN:");
pmsg[i++] = &prompt_msg;
retval = pam_get_item(pamh, PAM_CONV,(void *) &conv);
if (retval != PAM_SUCCESS)
return PAM_SYSTEM_ERR;
retval = conv->conv (i,(CONST struct pam_message
**)&am...
2002 Apr 26
0
PAM keyboard-interactive
...O_ON:
+ ctxt = data;
+ if (n <= 0 || n > PAM_MAX_NUM_MSG)
+ return (PAM_CONV_ERR);
+ if ((*resp = calloc(n, sizeof **resp)) == NULL)
+ return (PAM_BUF_ERR);
+ for (i = 0; i < n; ++i) {
+ resp[i]->resp_retcode = 0;
+ resp[i]->resp = NULL;
+ switch (msg[i]->msg_style) {
case PAM_PROMPT_ECHO_OFF:
- context_pam2.num_expected++;
+ pam_send(ctxt, "p%s", msg[i]->msg);
+ resp[i]->resp = pam_receive(ctxt);
+ break;
+ case PAM_PROMPT_ECHO_ON:
+ pam_send(ctxt, "P%s", msg[i]->msg);
+ resp[i]->resp = pam_receive(ctxt);
break;
- case PAM_TEXT_INFO:...
2004 Jun 01
1
Sending immediate PAM auth failure messages via kbd-int
Hi.
One thing that people seem to want to do with PAM is to deny a login
immediately without interacting but return a message to the user. (Some
platforms implement, eg, /etc/nologin via PAM this way.) Currently, sshd
will just deny the login and the user will not be told why.
Attached it a patch that return a keyboard-interactive packet with the
message in the "instruction"
2009 Dec 03
9
[Bug 1681] New: conversation function for passwd auth method assumes instead of fail
https://bugzilla.mindrot.org/show_bug.cgi?id=1681
Summary: conversation function for passwd auth method assumes
instead of fail
Product: Portable OpenSSH
Version: 5.3p1
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P2
Component: PAM support
AssignedTo:
2002 Jul 02
3
New PAM kbd-int diff
...data;
+ if (n <= 0 || n > PAM_MAX_NUM_MSG)
+ return (PAM_CONV_ERR);
+ if ((*resp = calloc(n, sizeof(struct pam_response))) == NULL)
+ return (PAM_BUF_ERR);
+ for (i = 0; i < n; ++i) {
+ resp[i]->resp_retcode = 0;
+ resp[i]->resp = NULL;
+ switch (msg[i]->msg_style) {
case PAM_PROMPT_ECHO_OFF:
- context_pam2.num_expected++;
+ sshpam_send(ctxt, "p%s", msg[i]->msg);
+ resp[i]->resp = sshpam_receive(ctxt);
+ break;
+ case PAM_PROMPT_ECHO_ON:
+ sshpam_send(ctxt, "P%s", msg[i]->msg);
+ resp[i]->resp = sshpam_receive(ctxt);
break;
- case PAM_T...
2007 Jun 05
2
pam_ldap-184 compile error
...57: error: `PAM_PERM_DENIED' undeclared (first use in
this function)
pam_ldap.c: At top level:
pam_ldap.c:3208: error: syntax error before '*' token
pam_ldap.c: In function `_get_authtok':
pam_ldap.c:3212: error: storage size of 'msg' isn't known
pam_ldap.c:3217: error: `PAM_PROMPT_ECHO_OFF' undeclared (first use in
this function)
pam_ldap.c:3218: error: `first' undeclared (first use in this function)
pam_ldap.c:3221: error: `pamh' undeclared (first use in this function)
pam_ldap.c:3221: error: `PAM_CONV' undeclared (first use in this function)
pam_ldap.c:3221: warning...
1998 Oct 07
1
Re: sshd and PAM [summary]
-----BEGIN PGP SIGNED MESSAGE-----
Hi,
I''ve got several replies, thank you for them. Let me summarize:
o Many people say there is a PAMified version of ssh available at
ftp://ftp.replay.com/pub/crypto/redhat/SRPMS (the source)
ftp://ftp.replay.com/pub/crypto/redhat/i386 (Intel binaries)
(there are analogous paths for the other architectures). The packages
are made by Jan
2002 Jun 25
4
PAM kbd-int with privsep
...O_ON:
+ ctxt = data;
+ if (n <= 0 || n > PAM_MAX_NUM_MSG)
+ return (PAM_CONV_ERR);
+ if ((*resp = calloc(n, sizeof **resp)) == NULL)
+ return (PAM_BUF_ERR);
+ for (i = 0; i < n; ++i) {
+ resp[i]->resp_retcode = 0;
+ resp[i]->resp = NULL;
+ switch (msg[i]->msg_style) {
case PAM_PROMPT_ECHO_OFF:
- context_pam2.num_expected++;
+ sshpam_send(ctxt, "p%s", msg[i]->msg);
+ resp[i]->resp = sshpam_receive(ctxt);
+ break;
+ case PAM_PROMPT_ECHO_ON:
+ sshpam_send(ctxt, "P%s", msg[i]->msg);
+ resp[i]->resp = sshpam_receive(ctxt);
break;
- case PAM_T...
2000 Aug 27
0
patch for TIS (skey/opie) *and* passwd auth via PAM
...nv_msg */
@@ -61,6 +65,7 @@
{
struct pam_response *reply;
int count;
+ int dlen, plen, type;
/* PAM will free this later */
reply = malloc(num_msg * sizeof(*reply));
@@ -70,13 +75,58 @@
for(count = 0; count < num_msg; count++) {
switch (msg[count]->msg_style) {
case PAM_PROMPT_ECHO_OFF:
- if (pampasswd == NULL) {
- free(reply);
- return PAM_CONV_ERR;
+ if (current_auth_type==SSH_CMSG_AUTH_TIS && pampasswd==NULL) {
+ /* TIS */
+ int prompt_len;
+...
2003 Jan 10
0
Samba-2.2.7a Compile error --with-pam
...d (first use
in this function)
nsswitch/pam_winbind.c:289: storage size of `msg' isn't known
nsswitch/pam_winbind.c:295: `comment' undeclared (first use in this
function)
nsswitch/pam_winbind.c:297: `PAM_TEXT_INFO' undeclared (first use in this
function)
nsswitch/pam_winbind.c:305: `PAM_PROMPT_ECHO_OFF' undeclared (first use in
this function)
nsswitch/pam_winbind.c:306: `prompt1' undeclared (first use in this
function)
nsswitch/pam_winbind.c:309: `prompt2' undeclared (first use in this
function)
nsswitch/pam_winbind.c:325: arithmetic on pointer to an incomplete type
nsswitch/pam_winbi...