Displaying 20 results from an estimated 72 matches for "pam_rhost".
2006 Jan 16
0
passdb-pam: PAM_RHOST on FreeBSD >= 5.0 (where PAM != Linux-PAM)
...in the past
few -stable and alpha releases, but did not get to and instead always
patched myself. Now having updated to the latest snapshot (which may
be released as beta1), I stumbled on it again:
In src/auth/passdb-pam.c, where the client host is passed to PAM, the
code looks like this:
#ifdef PAM_RHOST
const char *host = net_ip2addr(&request->remote_ip);
if (host != NULL)
pam_set_item(pamh, PAM_RHOST, host);
#endif
For some reason there is a preprocessor/compile-time check whethere
there exists such a preprocessor symbol as the PAM item PAM_RHOST (why
check that? IIRC PAM_RHOST is...
2000 Dec 27
0
PAM_RHOST not available for authentication
Hi
and here's an feature request from a user/developer, wher I would like
to hear your comments again. Thanks
> The PAM_RHOST item, which tells PAM which remote host it is conversing
> with, is currently set by OpenSSH _after_ authentication is made. This
> is not a good thing for me, as a have written a module which needs the
> IP of the peer as a part of authentication.
> My module was written to eleminate...
2004 Jun 14
1
PAM_RHOST item
A little problem, which is bugging me: when using PAM authentication,
Dovecot (0.99.5) does not set the PAM_RHOST item, so the PAM modules
cannot know who the client is. We need this for some PAM module doing
access control.
Changing passdb-pam.c to pam_set_item it seems trivial, but I'm bugged
as to how to get the client name from there. It seems not to be
available in the auth_request strut or anythin...
2023 Mar 28
0
Fwd: PAM_RHOST set to "UNKNOWN" when running in inetd mode without IP socket
Hi,
When running in inetd mode (-i), if stdin/stdout are not an IP socket,
sshd will set PAM_RHOST to "UNKNOWN" which causes a reverse DNS lookup
by pam that always fails because "UNKNOWN" cannot be resolved.
I've posted a possible fix here:
https://github.com/openssh/openssh-portable/pull/388
Cheers,
Daan De Meyer
2008 May 23
1
how to debug ssh slow connection issues.
...21 pam_stack[23836]: passing PAM_CONV to child
May 23 12:01:56 192.168.1.21 pam_stack[23836]: NOT passing PAM_FAIL_DELAY to
child: source not set
May 23 12:01:56 192.168.1.21 pam_stack[23836]: NOT passing PAM_OLDAUTHTOK to
child: source is NULL
May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_RHOST to child
May 23 12:01:56 192.168.1.21 pam_stack[23836]: NOT passing PAM_RUSER to
child: source is NULL
May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_SERVICE to child
May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_TTY to child
May 23 12:01:56 192.168.1.21 pam_stack[23836]: p...
2004 Oct 29
2
Logging and libwrap
Hi,
A few things regarding logging and libwrap..
a) PAM_RHOST patch
Back in July, dean gaudet helpfully posted a patch to dovecot PAM_RHOST the
remote IP. Is this going to be included in the main dovecot tree? It
seems like a worthwhile addition. The more informative and concise the
logging the better.
See http://www.dovecot.org/list/dovecot/2004-July/004...
2004 Jul 09
1
passing remote ip to pam
to improve forensic log info i want to set the PAM_RHOST value to the
remote ip (which pam logs as rhost=foo in failure messages). i didn't
look to see if anything has been done in this way on CVS because i'm still
on 0.99.10.6.
below is a bit of a hack. in some sense the remote_ip might make more
sense in the AUTH_LOGIN_REQUEST_NEW packet rat...
2018 Jul 24
0
Failed to establish your Kerberos Ticket cache due time differences with the domain controller
...bind(sshd:auth): [pamh: 0x1022c38] STATE: ITEM(PAM_USER) = "roy" (0x1021aa8)
Jul 24 10:13:18 pi-dc sshd[865]: pam_winbind(sshd:auth): [pamh: 0x1022c38] STATE: ITEM(PAM_TTY) = "ssh" (0x102c040)
Jul 24 10:13:18 pi-dc sshd[865]: pam_winbind(sshd:auth): [pamh: 0x1022c38] STATE: ITEM(PAM_RHOST) = "192.168.2.240" (0x102c028)
Jul 24 10:13:18 pi-dc sshd[865]: pam_winbind(sshd:auth): [pamh: 0x1022c38] STATE: ITEM(PAM_AUTHTOK) = 0x1021ab8
Jul 24 10:13:18 pi-dc sshd[865]: pam_winbind(sshd:auth): [pamh: 0x1022c38] STATE: ITEM(PAM_CONV) = 0x102c068
Jul 24 10:13:18 pi-dc sshd[865]: pam_...
2001 Mar 01
1
Bug report against openssh-2.3.0p1
...side pam_open_session. Truss
shows that the lastlog file has just been opened for writing.
Non-interactive uses of ssh work.
The cause is that, on this route through the code,
do_pam_account is _not_ called, but do_pam_session is.
This results in pam_open_session being called with PAM_TTY
set but PAM_RHOST not set. (In the non-interactive case,
PAM_TTY is not set either, so the PAM module does not try
to update lastlog, and so does not look at PAM_RHOST).
The SIGSEGV might be regarded as a bug in Sun's code, but the
failure to set PAM_RHOST in the case of a passwordless login
is a bug in OpenSSH...
2010 Jul 20
5
Record Failed Passwords
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi OpenSSH'ers,
I am emailing you to ask is it possible to record failed passwords
attempts and log them to syslog? Are there patches available for this?
Has anyone managed to do this before? Are there alternitive methods?
Many Thanks,
A
- --
Alan Neville,
Postgraduate Education Officer,
DCU Students' Union 2009/2010,
BS.c Computer
2017 Mar 13
1
pam_winbind with trusted domain
...inbind(sshd:auth): [pamh: 0x7fc74c2cad40] STATE: ITEM(PAM_USER) = "DOMREMOTE\testuser" (0x7fc74c2c9fe0)
sshd[9569]: pam_winbind(sshd:auth): [pamh: 0x7fc74c2cad40] STATE: ITEM(PAM_TTY) = "ssh" (0x7fc74c2e15f0)
sshd[9569]: pam_winbind(sshd:auth): [pamh: 0x7fc74c2cad40] STATE: ITEM(PAM_RHOST) = "192.168.1.1" (0x7fc74c2e15d0)
sshd[9569]: pam_winbind(sshd:auth): [pamh: 0x7fc74c2cad40] STATE: ITEM(PAM_AUTHTOK) = 0x7fc74c2caec0
sshd[9569]: pam_winbind(sshd:auth): [pamh: 0x7fc74c2cad40] STATE: ITEM(PAM_CONV) = 0x7fc74c2e0cf0
sshd[9569]: pam_winbind(sshd:auth): getting password (0x...
2003 Oct 29
4
Fix for USE_POSIX_THREADS in auth-pam.c
...dle_lock_count && sshpam_handle_lock_ready) {
+ sshpam_handle_lock_ready = 0;
+ pthread_mutexattr_destroy(&lock_attr);
+ pthread_mutex_destroy(&sshpam_handle_lock);
+ }
+#endif
}
static int
@@ -296,30 +370,53 @@
extern u_int utmp_len;
extern char *__progname;
const char *pam_rhost, *pam_user;
+ pam_handle_t *sshpam_handle_holder;
+
+#ifdef USE_POSIX_THREADS
+ /* (Re)initialize our pthread structures if it's safe to do so. Only
+ * free them if they were previously initialized and they aren't
+ * currently in use.
+ */
+ if (!process_id)
+ process_id = getpid();...
2018 Jul 24
2
Failed to establish your Kerberos Ticket cache due time differences with the domain controller
I did re-read the whole thread again.
Im running out of options..
When i look at :
https://wiki.samba.org/index.php/PAM_Offline_Authentication
You can do these last checks.
Run the : Testing offline authentication as show on the wiki.
Debian normaly does not have /etc/security/pam_winbind.conf, check if its there if so backup it remove it.
Check if these packages are installed.
2001 Feb 10
1
[PATCH] Tell PAM about remote host earlier
...rg.au
-------------- next part --------------
--- auth-pam.c.orig Sat Feb 10 13:01:35 2001
+++ auth-pam.c Sat Feb 10 14:14:53 2001
@@ -191,14 +191,6 @@
{
int pam_retval;
- debug("PAM setting rhost to \"%.200s\"", get_canonical_hostname());
- pam_retval = pam_set_item(pamh, PAM_RHOST,
- get_canonical_hostname());
- if (pam_retval != PAM_SUCCESS) {
- fatal("PAM set rhost failed[%d]: %.200s",
- pam_retval, PAM_STRERROR(pamh, pam_retval));
- }
-
if (remote_user != NULL) {
debug("PAM setting ruser to \"%.200s\"", remote_user);
pam_retval...
1999 Nov 22
1
[s-x86] OpenSSH 1.2pre14 fails on pam_open_session() ...
...; well its obviously blowing up on pam_open_session, so you need to validate
> your "pamh" handle somehow.
thank you, and how would one do this? considering that my 'pamh' handle
is being used three times prior to that, in:
pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RHOST, remote_host);
pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RUSER, remote_user);
pam_retval = pam_acct_mgmt((pam_handle_t *)pamh, 0);
all in the same function, I would have thought that this would have been
okay...all of the above go through successfully...
my only real "refer...
2005 Sep 26
2
Hostname passed to PAM as rhost
(I am sorry to bother the list with something I should have verified
myself right now - I simply do not have access to the source code
here)
Thinking of some limit I wanted to put with authentication, I am
wondering - when Dovecot authenticates a user using PAM, now that
(in 1.0) it passes the rhost item to PAM, it passes a hostname, not
an IP address.
Does it double-verify the DNS record
2017 Jul 10
7
[Bug 2741] New: Export Port to PAM
...t mindrot.org
Reporter: seroland86 at gmail.com
Since OpenSSH 7.2 it is possible to identify sessions within log files
as session-related log entries include the clients port. Right now I
don't see a good way to correlate output of PAM modules to the session
as only the clients host (PAM_RHOST) is exported to the PAM
environment. If the clients port was accessible within PAM it can be
included in log messages and thus correlated to a session. Export can
be e.g. done through pam_set_item() or pam_putenv().
--
You are receiving this mail because:
You are watching the assignee of the bug.
2013 Nov 28
4
SSH - Winbind and Keybased Auth
...ITEM(PAM_USER) = "nathan" (0x7f6b826837f0)
Nov 28 17:34:58 testbox01 sshd[26078]: pam_winbind(sshd:account): [pamh: 0x7f6b82683650] STATE: ITEM(PAM_TTY) = "ssh" (0x7f6b8268dbd0)
Nov 28 17:34:58 testbox01 sshd[26078]: pam_winbind(sshd:account): [pamh: 0x7f6b82683650] STATE: ITEM(PAM_RHOST) = "mycomputer.domain.local" (0x7f6b82684610)
Nov 28 17:34:58 testbox01 sshd[26078]: pam_winbind(sshd:account): [pamh: 0x7f6b82683650] STATE: ITEM(PAM_CONV) = 0x7f6b82683810
Nov 28 17:34:58 testbox01 sshd[26078]: pam_winbind(sshd:account): user 'nathan' granted access
Nov 28 17:34...
2014 Jan 02
2
pam_winbind fails to authenticate domain users on my debian wheezy domain member servers
...4cb2030] STATE: ITEM(PAM_USER) = "georg" (0x7f1d54ca9f00)
Jan 2 12:23:55 websrv sshd[3541]: pam_winbind(sshd:auth): [pamh:
0x7f1d54cb2030] STATE: ITEM(PAM_TTY) = "ssh" (0x7f1d54cb21d0)
Jan 2 12:23:55 websrv sshd[3541]: pam_winbind(sshd:auth): [pamh:
0x7f1d54cb2030] STATE: ITEM(PAM_RHOST) = "192.168.0.107" (0x7f1d54cb21b0)
Jan 2 12:23:55 websrv sshd[3541]: pam_winbind(sshd:auth): [pamh:
0x7f1d54cb2030] STATE: ITEM(PAM_AUTHTOK) = 0x7f1d54ca83e0
Jan 2 12:23:55 websrv sshd[3541]: pam_winbind(sshd:auth): [pamh:
0x7f1d54cb2030] STATE: ITEM(PAM_CONV) = 0x7f1d54cb2210
Jan 2 1...
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
...TRERROR((pam_handle_t *)pamh, pam_retval));
+ pw->pw_name, PAM_STRERROR(pamh, pam_retval));
return 0;
}
}
@@ -157,33 +190,35 @@
int pam_retval;
debug("PAM setting rhost to \"%.200s\"", get_canonical_hostname());
- pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RHOST,
+ pam_retval = pam_set_item(pamh, PAM_RHOST,
get_canonical_hostname());
if (pam_retval != PAM_SUCCESS) {
fatal("PAM set rhost failed: %.200s",
- PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+ PAM_STRERROR(pamh, pam_retval));
}
if (remote_user != NULL) {
debug(...