search for: pam_rus

Everyone, First my apologies if this has been discussed before on this list, I was unable to find reference to it in the archives. I have a pam module that requires PAM_RUSER to be set however Ive found that if I connect to the remote server (where the pam module is installed) via ssh the PAM_RUSER variable is never set. The PAM_RUSER variable is set within auth-pam.c (line 239 in 3.6p1) as such: int do_pam_account(char *username, char *remote_user) { ... if (re...

By looking at the code, I saw that PAM_RUSER is not set by sshd. Is there a reason why ? If I write a patch to add that feature, is there a chance for it to be included in the main distrib ? Best regards, Arnauld

...m_stack[23836]: NOT passing PAM_FAIL_DELAY to child: source not set May 23 12:01:56 192.168.1.21 pam_stack[23836]: NOT passing PAM_OLDAUTHTOK to child: source is NULL May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_RHOST to child May 23 12:01:56 192.168.1.21 pam_stack[23836]: NOT passing PAM_RUSER to child: source is NULL May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_SERVICE to child May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_TTY to child May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_USER to child May 23 12:01:56 192.168.1.21 pam_stack[23836]: NOT...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi OpenSSH'ers, I am emailing you to ask is it possible to record failed passwords attempts and log them to syslog? Are there patches available for this? Has anyone managed to do this before? Are there alternitive methods? Many Thanks, A - -- Alan Neville, Postgraduate Education Officer, DCU Students' Union 2009/2010, BS.c Computer

...tatus(FATAL_OUTOFMEM, "Out of memory"); break; @@ -240,7 +253,7 @@ static void set_pam_items(struct auth_request *request, pam_handle_t *pamh) host = net_ip2addr(&request->remote_ip); if (host != NULL) (void)pam_set_item(pamh, PAM_RHOST, host); - (void)pam_set_item(pamh, PAM_RUSER, request->user); + (void)pam_set_item(pamh, PAM_RUSER, pam_username_lookup(request)); /* TTY is needed by eg. pam_access module */ (void)pam_set_item(pamh, PAM_TTY, "dovecot"); } @@ -262,7 +275,7 @@ pam_verify_plain_call(struct auth_request *request, const char *service, ctx.r...

...> your "pamh" handle somehow. thank you, and how would one do this? considering that my 'pamh' handle is being used three times prior to that, in: pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RHOST, remote_host); pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RUSER, remote_user); pam_retval = pam_acct_mgmt((pam_handle_t *)pamh, 0); all in the same function, I would have thought that this would have been okay...all of the above go through successfully... my only real "reference" for PAM is wu-ftpd, in which the pam authentication stuff all wo...

...al("PAM set rhost failed: %.200s", - PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); + PAM_STRERROR(pamh, pam_retval)); } if (remote_user != NULL) { debug("PAM setting ruser to \"%.200s\"", remote_user); - pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RUSER, remote_user); + pam_retval = pam_set_item(pamh, PAM_RUSER, remote_user); if (pam_retval != PAM_SUCCESS) { fatal("PAM set ruser failed: %.200s", - PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); + PAM_STRERROR(pamh, pam_retval)); } } - pam_retval = pam_acct_mgmt((...

...fc80] STATE: ITEM(PAM_TTY) = "dovecot" (0x15cbfa0 ) Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh: 0x15cfc80] STATE: ITEM(PAM_RHOST) = "10.10.10.38" (0x1 5cbf60) Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh: 0x15cfc80] STATE: ITEM(PAM_RUSER) = "tt1" (0x15cbf80) Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh: 0x15cfc80] STATE: ITEM(PAM_AUTHTOK) = 0x15cc070 Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh: 0x15cfc80] STATE: ITEM(PAM_CONV) = 0x15cfe40 Mar 23 10:37:50 komp14 dovecot-...

I've a server where clients can connect to using direct-streamlocal at openssh.com. I want that the server "knows" the address of the client. I've tried using the peercredentials of the process connecting my server (which is a sshd process) and check the environment. I thought that in the environment the var SSH_CLIENT would be set, but that did not work. This sshd process has

...ostname()); - if (pam_retval != PAM_SUCCESS) { - fatal("PAM set rhost failed[%d]: %.200s", - pam_retval, PAM_STRERROR(pamh, pam_retval)); - } - if (remote_user != NULL) { debug("PAM setting ruser to \"%.200s\"", remote_user); pam_retval = pam_set_item(pamh, PAM_RUSER, remote_user); @@ -310,6 +302,14 @@ if (pam_retval != PAM_SUCCESS) { fatal("PAM initialisation failed[%d]: %.200s", + pam_retval, PAM_STRERROR(pamh, pam_retval)); + } + + debug("PAM setting rhost to \"%.200s\"", get_canonical_hostname()); + pam_retval = pam...

Trying 2.1.1p2 on HP-UX 11 (trusted system) I get: Jul 3 14:24:53 robinson sshd[1236]: debug: Encryption type: 3des Jul 3 14:24:53 robinson sshd[1236]: debug: Received session key; encryption turned on. Jul 3 14:24:53 robinson sshd[1236]: debug: Installing crc compensation attack detector. Jul 3 14:24:53 robinson sshd[1236]: debug: Starting up PAM with username "stevesk" Jul 3

...pam_get_item(): entering: PAM_USER Feb 11 09:20:40 mail auth: in pam_get_item(): returning PAM_SUCCESS Feb 11 09:20:40 mail auth: in pam_get_user(): returning PAM_SUCCESS Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Got user: woodsb02 Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_RUSER Feb 11 09:20:40 mail auth: in pam_get_item(): returning PAM_SUCCESS Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Got ruser: woodsb02 Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_SERVICE Feb 11 09:20:40 mail auth: in pam_get_item(): returning PAM_SUCCESS Feb 11 09:20:40 mail...

...: PAM_USER > Feb 11 09:20:40 mail auth: in pam_get_item(): returning PAM_SUCCESS > Feb 11 09:20:40 mail auth: in pam_get_user(): returning PAM_SUCCESS > Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Got user: > woodsb02 > Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_RUSER > Feb 11 09:20:40 mail auth: in pam_get_item(): returning > PAM_SUCCESS > Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Got ruser: woodsb02 > Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_SERVICE > Feb 11 09:20:40 mail auth: in pam_get_item(): returning > PA...

...M_FAIL_DELAY to child: source not set May 28 10:04:14 mrtg_monitor@northrock pam_stack[30985]: NOT passing PAM_OLDAUTHTOK to child: source is NULL May 28 10:04:14 mrtg_monitor@northrock pam_stack[30985]: passing PAM_RHOST to child May 28 10:04:14 mrtg_monitor@northrock pam_stack[30985]: NOT passing PAM_RUSER to child: source is NULL May 28 10:04:14 mrtg_monitor@northrock pam_stack[30985]: passing PAM_SERVICE tochild May 28 10:04:14 mrtg_monitor@northrock pam_stack[30985]: NOT passing PAM_TTY tochild: source is NULL May 28 10:04:14 mrtg_monitor@northrock pam_stack[30985]: passing PAM_USER to child May...