Displaying 18 results from an estimated 18 matches for "pam_putenv".
2005 Apr 06
1
dovecot crashes
I'm getting these over and over again in my dovecot [CVS] logs. I'm
using PAM for authentication- something that worked a few weeks ago.
Apr 6 15:22:11 [PAM-env] Unknown PAM_ITEM: <XAUTHORITY>
Apr 6 15:22:11 [dovecot-auth] PAM pam_putenv: delete non-existent
entry; XAUTHORITY
dovecot: Apr 06 15:22:16 Warning: Killed with signal 2
dovecot: Apr 06 15:22:16 Error: child 25731 (imap) killed with signal 2
dovecot: Apr 06 15:22:16 Error: child 27545 (login) killed with signal 2
dovecot: Apr 06 15:22:16 Error: child 20320 (login) killed...
2003 Oct 29
1
Environment set on PAM module is not visible to user
We're using an internal PAM module (Linux) that sets a few environment
variables using pam_putenv (on pam_sm_authenticate). In version 3.6.1p1i
such variables are visible to the user (as expected), but since 3.7p1
they are not...
Is this the expected behaviour?
Thanks in advance,
Jose
____________________________________________________________________________
Jose A. Rodriguez...
2013 Oct 14
1
Provide AcceptEnv variables to a Linux PAM module?
I've been looking for a while and can't figure out for sure if variables
allowed by AcceptEnv are readable by a PAM module. I looked through the
openssh source code and found a few calls to pam_putenv(), which looks
like the relevant call, but I don't see anything that would copy over
AcceptEnv variables. Am I correct that the variables are not available
to PAM? I'm guessing there are security implications to passing
arbitrary variables through to PAM but is there some other way I...
2012 Sep 24
3
[Bug 2043] New: memleak in import_environments
https://bugzilla.mindrot.org/show_bug.cgi?id=2043
Priority: P5
Bug ID: 2043
Assignee: unassigned-bugs at mindrot.org
Summary: memleak in import_environments
Severity: trivial
Classification: Unclassified
OS: All
Reporter: arthurmesh at gmail.com
Hardware: All
Status: NEW
Version:
2003 Aug 22
1
GSSAPI patch sync from OpenBSD to Portable
Hi All.
Markus has commited the long-awaited GSSAPI patch to OpenBSD's ssh.
There are patches. The first [1] is a straightforward port of the
OpenBSD code to Portable.
The second [2] contains the parts I've stolen from Simon Wilkinson's
portable GSSAPI patch in an attempt to make it build. It is incomplete
and doesn't currently work.
The PAM support is not there and
2017 May 06
3
[Bug 2712] New: Add fingerprint of key used for public key authentication to PAM handle
...now I don't have any possibility
to figure out which actual user has now logged in on behalf of user x.
A solution to this problem is that OpenSSH makes the fingerprint of the
key that has been (succesfully) used during public key authentication
available within the PAM space (pam_set_data() / pam_putenv()).
In this case one could hook in another PAM module e.g. for session
management that obtains the fingerprint and work with it (e.g. mapping
to user and making it available in user environment).
--
You are receiving this mail because:
You are watching the assignee of the bug.
2004 Mar 30
2
[Bug 688] PAM modules relying on module-private data (pam_dhkeys, pam_krb5, AFS) fail
...e process credentials (eg a PAG
for AFS or the stored DH keys, however they are stored), that private data is
not available to module, so the credentials are not established.
The data stored by pam_set_data is completely inacessible to the application (ie
sshd). If is was stored via pam_set_item, pam_putenv or the normal environment
space, it can be copied to the main sshd process (and in 3.8 and up, it is).
Currently, the only known workaround is to enable the use of POSIX threads, as
Paul discovered. This is because the module-private data is stored in the same
address space as the main sshd, and...
2004 Nov 11
2
openssh-3.7p1+ and PAM on OS X
Hello list,
Bug 688 is causing me a massive headache on OS X.
The fact that each PAM authentication takes place in a separate process
means the PAM context data isn't shared and therefore prevents the
passing of data between modules. (pam_set_data, and pam_get_data)
Compiling with pthreads isn't really an option because of the added
security risk and the fact that some of the PAM
2017 Jul 10
7
[Bug 2741] New: Export Port to PAM
...a good way to correlate output of PAM modules to the session
as only the clients host (PAM_RHOST) is exported to the PAM
environment. If the clients port was accessible within PAM it can be
included in log messages and thus correlated to a session. Export can
be e.g. done through pam_set_item() or pam_putenv().
--
You are receiving this mail because:
You are watching the assignee of the bug.
2009 Feb 03
1
[Announce] Samba 3.2.8 Maintainance Release Available
...AME.
* Remove a few unnecessary checks from the streams xattr module.
* Remove a few unnecessary checks from the streams xattr module.
o Andreas Schneider <anschneider@suse.de>
* Fix a segfault if ? is there but the options are NULL.
* Avoid flooding of syslog with failing pam_putenv messages.
* Document default of the printing config variable.
* Use talloc_tos() instead of the talloc NULL context.
o Karolin Seeger <kseeger@samba.org>
* BUG 6058: Use ''make distclean'' instead of ''make clean'' in build_docs.
* BUG 6000:...
2009 Feb 03
1
[Announce] Samba 3.2.8 Maintainance Release Available
...AME.
* Remove a few unnecessary checks from the streams xattr module.
* Remove a few unnecessary checks from the streams xattr module.
o Andreas Schneider <anschneider@suse.de>
* Fix a segfault if ? is there but the options are NULL.
* Avoid flooding of syslog with failing pam_putenv messages.
* Document default of the printing config variable.
* Use talloc_tos() instead of the talloc NULL context.
o Karolin Seeger <kseeger@samba.org>
* BUG 6058: Use ''make distclean'' instead of ''make clean'' in build_docs.
* BUG 6000:...
2003 Oct 29
4
Fix for USE_POSIX_THREADS in auth-pam.c
...sshpam_err != PAM_SUCCESS)
fatal("PAM: pam_chauthtok(): %s",
- pam_strerror(sshpam_handle, sshpam_err));
+ pam_strerror(grab_pamh(0, NULL), sshpam_err));
}
/*
@@ -706,7 +803,7 @@
compound = xmalloc(len);
snprintf(compound, len, "%s=%s", name, value);
- ret = pam_putenv(sshpam_handle, compound);
+ ret = pam_putenv(grab_pamh(0, NULL), compound);
xfree(compound);
#endif
@@ -724,7 +821,7 @@
{
#ifdef HAVE_PAM_GETENVLIST
debug("PAM: retrieving environment");
- return (pam_getenvlist(sshpam_handle));
+ return (pam_getenvlist(grab_pamh(0, NULL)));
#els...
2019 Oct 09
0
Announce: OpenSSH 8.1 released
...1) and when listing public keys available in
a token using ssh-keygen(1). bz#3006
Portability
-----------
* ssh(1): fix SIGWINCH delivery of Solaris for multiplexed sessions
bz#3030
* ssh(1), sshd(8): fix typo that prevented detection of Linux VRF
* sshd(8): add no-op implementation of pam_putenv to avoid build
breakage on platforms where the PAM implementation lacks this
function (e.g. HP-UX). bz#3008
* sftp-server(8): fix Solaris privilege sandbox from preventing
the legacy sftp rename operation from working (was refusing to
allow hard links to files owned by other users). b...
2009 Jan 27
1
[Announce] Samba 3.3.0 Available for Download
...checks from the streams xattr module.
* Remove a few unnecessary checks from the streams depot module and fix to
work with NTRENAME.
o Andreas Schneider <anschneider@suse.de>
* Fix a segfault if ? is there but the options are NULL.
* Avoid flooding of syslog with failing pam_putenv messages.
o Karolin Seeger <kseeger@samba.org>
* BUG 6000: Avoid bashism in perfcount.init.
* Change default value of "ldap ssl" to "start tls".
* Update version number in the manpages.
* Fix several small issues and typos in the manpages.
* Check i...
2009 Jan 27
1
[Announce] Samba 3.3.0 Available for Download
...checks from the streams xattr module.
* Remove a few unnecessary checks from the streams depot module and fix to
work with NTRENAME.
o Andreas Schneider <anschneider@suse.de>
* Fix a segfault if ? is there but the options are NULL.
* Avoid flooding of syslog with failing pam_putenv messages.
o Karolin Seeger <kseeger@samba.org>
* BUG 6000: Avoid bashism in perfcount.init.
* Change default value of "ldap ssl" to "start tls".
* Update version number in the manpages.
* Fix several small issues and typos in the manpages.
* Check i...
2019 Oct 01
9
Call for testing: OpenSSH 8.1
...1) and when listing public keys available in
a token using ssh-keygen(1). bz#3006
Portability
-----------
* ssh(1): fix SIGWINCH delivery of Solaris for multiplexed sessions
bz#3030
* ssh(1), sshd(8): fix typo that prevented detection of Linux VRF
* sshd(8): add no-op implementation of pam_putenv to avoid build
breakage on platforms where the PAM implementation lacks this
function (e.g. HP-UX). bz#3008
* sftp-server(8): fix Solaris privilege sandbox from preventing
the legacy sftp rename operation from working (was refusing to
allow hard links to files owned by other users). b...
2020 Jul 21
11
[RFC PATCH 0/4] PAM module for ssh-agent user authentication
Hi,
The main (and probably the only) use case of this PAM module is to let
sudo authenticate users via their ssh-agent, therefore without having
to type any password and without being tempted to use the NOPASSWD sudo
option for such convenience.
The principle is originally implemented by an existing module [0][1]
and many pages that explain how to use it for such purpose can be
found online.
2014 Jul 15
3
GSSAPI
If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |