search for: pam_session

...Dovecot open and immediately close PAM session. Some PAM plugins need this to work, such as pam_mkhomedir. I checked the source code in passdb-pam.c: struct pam_passdb_module { struct passdb_module module; const char *service_name, *pam_cache_key; unsigned int pam_setcred:1; unsigned int pam_session:1; unsigned int failure_show_msg:1; }; And this: /* -session for backwards compatibility */ if (strcmp(t_args[i], "-session") == 0 || strcmp(t_args[i], "session=yes") == 0) module->pam_session = TRUE; It seams to me that the session is going to be opened anyway...

...|Added ---------------------------------------------------------------------------- CC| |misiek at pld.org.pl Summary|PAM limits applied |PAM limits applied |incorrectly |incorrectly (pam_session | |being called as non-root) ------- Additional Comments From djm at mindrot.org 2002-10-16 13:09 ------- *** Bug 301 has been marked as a duplicate of this bug. *** ------- You are receiving this mail because: ------- You are the assignee for th...

...uter account problem, rather than a user access problem. What would the next debug steps be? [2008/04/11 12:15:59, 0] auth/pampass.c:smb_pam_error_handler(73) smb_pam_error_handler: PAM: session setup failed : System error [2008/04/11 12:15:59, 1] smbd/session.c:session_claim(143) pam_session rejected the session for domainname#marsh [smb/25659/101] [2008/04/11 12:15:59, 1] smbd/password.c:register_vuid(310) Failed to claim session for vuid=101 [2008/04/11 12:15:59, 0] auth/pampass.c:smb_pam_error_handler(73) smb_pam_error_handler: PAM: session setup failed : System error [2008...

http://bugzilla.mindrot.org/show_bug.cgi?id=83 ------- Additional Comments From dtucker at zip.com.au 2003-09-15 12:13 ------- Hey, isn't this fixed in -current? do_pam_session is now called before permanently_set_uid. Could you please try a snapshot? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=83 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |rudolph at getsystems.com ------- Additional Comments From djm at mindrot.org 2003-01-07 18:31 ------- *** Bug 354 has been marked as a

http://bugzilla.mindrot.org/show_bug.cgi?id=83 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Component|sshd |PAM support ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...gt; would PAM trip up here, and why would the conversation matter? Limits > such as described would not be managed during pam_authenticate() (when the > conversation happens). Perhaps I am not familiar enough with nuances > of debian's PAM implementation. The problem is that we call pam_session as root, before we fork the child. Therefore the server picks up the limits, rather than the child. I recall that we tried moving the pam_session call to the child a while (~18 months) ago to avoid this problem, but other stuff broke much worse. IIRC the breakage was because we did pam_session st...

...1.el4_6.4 samba-swat-3.0.25b-1.el4_6.4 samba-client-3.0.25b-1.el4_6.4 log from /var/log/samba : [2008/01/22 16:36:18, 0] auth/pampass.c:smb_pam_error_handler(73) ? smb_pam_error_handler: PAM: session setup failed : System error [2008/01/22 16:36:18, 1] smbd/session.c:session_claim(143) ? pam_session rejected the session for ourdomain#marsh [smb/21026/101] [2008/01/22 16:36:18, 1] smbd/password.c:register_vuid(310) ? Failed to claim session for vuid=101 [2008/01/22 16:36:18, 0] auth/pampass.c:smb_pam_error_handler(73) ? smb_pam_error_handler: PAM: session setup failed : System error [2008/...

http://bugzilla.mindrot.org/show_bug.cgi?id=83 ------- Additional Comments From djm at mindrot.org 2003-03-10 15:49 ------- Created an attachment (id=247) --> (http://bugzilla.mindrot.org/attachment.cgi?id=247&action=view) Call pam_session after child fork() Hopefully this patch will allow people to gather the feedback necessary to close this bug. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

heres a fix for pam support im openssh, inline and attached.. openssh calls do_pam_session early, before a fork(). it does this on the proc still running as root, so it checks the users limits, against what root has running, and depending on limits can fail at the fork() (and almost always does). this patch moves it past the fork. ive been running it for a couple of weeks and everythi...

With OpenSSH 2.9.9p2 as the server, I'm not able to do scp or "ssh machinename command" in general to any of my Suns! I tracked this down a bit; the problem occurs only when PAM support is enabled. However, if I remove line 430 of session.c, "do_pam_session(s->pw->pw_name, NULL);" inside of do_exec_no_pty, the problem goes away. It looks like the following entry in the Changelog may be responsible: 20010627 - (djm) Reintroduce pam_session call for non-pty sessions. Let me know if you need any additional info to track this down. Thank...

Hello all, On Redhat 6.2, the PAM_unix module logs the session opening, but not the session closing. This was logged as of 2.3.0p1. Upgrading to 2.5.1p1 makrs the start of the problem. Thanks in advance, Victor -- Victor J. Orlikowski ====================== v.j.orlikowski at gte.net orlikowski at apache.org vjo at us.ibm.com

...init ? PAM_ESTABLISH_CRED : PAM_REINITIALIZE_CRED); diff -u -r1.1.1.1 monitor.c --- monitor.c 24 Jun 2002 23:29:52 -0000 1.1.1.1 +++ monitor.c 25 Jun 2002 20:33:41 -0000 @@ -278,6 +278,8 @@ #ifdef USE_PAM if (!do_pam_account(authctxt->pw->pw_name, NULL)) authenticated = 0; + do_pam_session(authctxt->pw->pw_name, NULL); + do_pam_setcred(1); #endif }

...atabase may be corrupt so I replaced it with a backup, but no go. I deleted the smbpasswd database, readded users, that didn't work either. Checking the samba logs, I found this series of errors when trying to get to any samba share: [2007/12/19 08:28:18, 1] smbd/session.c:session_claim(143) pam_session rejected the session for tom [smb/19550/113] [2007/12/19 08:28:18, 1] smbd/password.c:register_vuid(310) Failed to claim session for vuid=113 [2007/12/19 08:29:08, 0] auth/pampass.c:smb_pam_error_handler(73) smb_pam_error_handler: PAM: session setup failed : System error [2007/12/19 08:29:08, 1...

...ther. Checking a users samba log, I found this series of errors when trying to get to any samba share: [2007/12/19 13:16:15, 0] auth/pampass.c:smb_pam_error_handler(73) smb_pam_error_handler: PAM: session setup failed : System error [2007/12/19 13:16:15, 1] smbd/session.c:session_claim(143) pam_session rejected the session for tom [smb/32352/109] [2007/12/19 13:16:15, 1] smbd/password.c:register_vuid(310) Failed to claim session for vuid=109 [2007/12/19 13:16:31, 0] auth/pampass.c:smb_pam_error_handler(73) smb_pam_error_handler: PAM: session setup failed : System error [2007/12/19 13:16:31,...

...m.d/samba, I set session required pam_smbpass.so then login fails, and the log says: [2002/08/04 15:43:26, 0] auth/pampass.c:smb_pam_error_handler(73) smb_pam_error_handler: PAM: session setup failed : Module is unknown [2002/08/04 15:43:26, 1] smbd/session.c:session_claim(103) pam_session rejected the session for ichbin [smb/1] [2002/08/04 15:43:26, 1] smbd/password.c:register_vuid(285) Failed to claim session for vuid=101 If I set session required pam_permit.so then there is no problem, although auth, account, and password are still set to use pam_smbpass.so. Does t...

On Solaris, the pam_unix module includes a pam_session which updates the lastlog file. Since OpenSSH calls pam_session before reading the lastlog file, SSH logins to systems with this configuration (as well as similar ones, I'd imagine) report the last login time and remote host as the values from the current session. My solution to this problem...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm pleased to (finally) announce the availability of my GSSAPI Key Exchange patch for OpenSSH 4.7p1. Whilst OpenSSH contains support for doing GSSAPI user authentication, this only allows the underlying security mechanism to authenticate the user to the server, and continues to use SSH host keys to authenticate the server to the

Hi, Apologies if my attempts to subscribe bombarded this list with empty emails. We're running openssh 3.6.1p1 on Linux i386 and need to chroot and modify people's capabilities (Linux specific) when they log in. To do this we've compiled openssh with pam support and then configured pam to chroot people and alter their capabilities (such as giving them the privilege to bind to a port

...sapi patch in conjunction with a pam_module, which executed 'aklog', a program that converts a kerberos ticket to an AFS token. This does not work anymore with priv separation enabled. I had a look at the sources and found out, that the transferred Kerberos credentials got stored after the pam_session module was executed. I therefor created the attached small patch, which makes it work for me. I am sure that it is not an elegant method, but... If there is a different way to go please let me know. regards, Christian Pfaffel -- Christian Pfaffel <flash at itp.tu-graz.ac.at> Technische Un...