search for: pam_sm_setcr

...pam_winbind(sshd:account): user 'user2' needs new password sshd[12345]: pam_winbind(sshd:account): [pamh: 0x12345678] LEAVE: pam_sm_acct_mgmt returning 12 sshd[12345]: Accepted password for user2 from 127.0.0.1 port 4711 ssh2 sshd[12345]: pam_winbind(sshd:setcred): [pamh: 0x12345678] ENTER: pam_sm_setcred (flags: 0x0002) sshd[12345]: pam_winbind(sshd:setcred): PAM_ESTABLISH_CRED not implemented sshd[12345]: pam_winbind(sshd:setcred): [pamh: 0x12345678] LEAVE: pam_sm_setcred returning 0 sshd[12345]: pam_unix(sshd:session): session opened for user user2 by (uid=0) sshd[12346]: pam_winbind(sshd:setcr...

...: pam_winbind(sshd:account): [pamh: 0x1f06f48] LEAVE: pam_sm_acct_mgmt returning 12 (PAM_NEW_AUTHTOK_REQD) Jun 24 15:29:58 history-20 sshd[4656]: Accepted password for cmthielen from 127.0.0.1 port 36881 ssh2 Jun 24 15:29:58 history-20 sshd[4656]: pam_winbind(sshd:setcred): [pamh: 0x1f06f48] ENTER: pam_sm_setcred (flags: 0x0002) Jun 24 15:29:58 history-20 sshd[4656]: pam_winbind(sshd:setcred): PAM_ESTABLISH_CRED not implemented Jun 24 15:29:58 history-20 sshd[4656]: pam_winbind(sshd:setcred): [pamh: 0x1f06f48] LEAVE: pam_sm_setcred returning 0 (PAM_SUCCESS) Jun 24 15:29:58 history-20 sshd[4656]: pam_unix(...

...: pam_winbind(sshd:account): [pamh: 0x1f06f48] LEAVE: pam_sm_acct_mgmt returning 12 (PAM_NEW_AUTHTOK_REQD) Jun 24 15:29:58 history-20 sshd[4656]: Accepted password for cmthielen from 127.0.0.1 port 36881 ssh2 Jun 24 15:29:58 history-20 sshd[4656]: pam_winbind(sshd:setcred): [pamh: 0x1f06f48] ENTER: pam_sm_setcred (flags: 0x0002) Jun 24 15:29:58 history-20 sshd[4656]: pam_winbind(sshd:setcred): PAM_ESTABLISH_CRED not implemented Jun 24 15:29:58 history-20 sshd[4656]: pam_winbind(sshd:setcred): [pamh: 0x1f06f48] LEAVE: pam_sm_setcred returning 0 (PAM_SUCCESS) Jun 24 15:29:58 history-20 sshd[4656]: pam_unix(...

...al does not matter). It has nothing to do with the versions of various ldap-related ports (at least not obviously), because the same set of packages does work with 9.1. Upon trying to login, this is in /var/log/messages: Oct 15 11:10:27 server1 pure-ftpd: in openpam_dispatch(): pam_nologin.so: no pam_sm_setcred() Oct 15 11:10:27 server1 pure-ftpd: in openpam_check_error_code(): pam_sm_setcred(): unexpected return value 4 Oct 15 11:10:30 server1 pure-ftpd: (?@127.0.0.1) [WARNING] Authentication failed for user [demo] Can anyone shed any light on this? What did change between 9.1 and 9.2? Best Rega...

...fscreds.c:487:89: warning: unused parameter ?argv? [-Wunused-parameter] PAM_EXTERN int pam_sm_close_session(pam_handle_t *ph, int flags, int argc, const char **argv) ^ pam_cifscreds.c: In function ?pam_sm_setcred?: pam_cifscreds.c:501:45: warning: unused parameter ?ph? [-Wunused-parameter] PAM_EXTERN int pam_sm_setcred(pam_handle_t *ph, int flags, int argc, const char **argv) ^ pam_cifscreds.c:501:53: warning: unused parameter ?flags? [-Wunused...

...09:53:53 garfield2 sshd[16255]: pam_log: pam_sm_acct_mgmt Apr 6 09:53:53 garfield2 sshd[16255]: (S 8) Accepted publickey for root from 127.0.0.1 port 47019 Apr 6 09:53:53 garfield2 sshd[16255]: (S 8) channel 0: new: server-session, nchannels open: 1 Apr 6 09:53:53 garfield2 sshd[16255]: pam_log: pam_sm_setcred Apr 6 09:53:53 garfield2 sshd[16257]: pam_log: pam_sm_open_session Apr 6 09:54:03 garfield2 sshd[16257]: pam_log: pam_sm_setcred For regular users: Apr 6 10:14:59 garfield2 sshd[16311]: (S 9) Found matching RSA key: ... Apr 6 10:14:59 garfield2 sshd[16311]: pam_log: pam_sm_acct_mgmt Apr 6...

...(e.g. /tmp/krb5cc_<uid>). I've had the following combinations: login auth sufficient pam_krb5.so try_first_pass debug ccache=SAFE login auth sufficient pam_krb5.so try_first_pass debug ccache=/tmp/krb5cc_%u According to the pam_krb5(8) manual page, "The pam_sm_setcred() function stores the newly acquired credentials in a credentials cache, and sets the environment variable KRB5CCNAME appropriately. The credentials cache should be destroyed by the user at logout with kdestroy(1)." And looking through /usr/src/lib/libpam/modules/pam_krb5/pam_krb5_auth.c d...

...winbind(gdm:auth): Returned user was 'sachs' pam_winbind(gdm:auth): [pamh: 0x88bcf70] LEAVE: pam_sm_authenticate returning 0 pam_winbind(gdm:account): user 'sachs' OK pam_winbind(gdm:account): user 'sachs' granted access pam_winbind(gdm:setcred): [pamh: 0x88bcf70] ENTER: pam_sm_setcred (flags: 0x0002) pam_winbind(gdm:setcred): PAM_ESTABLISH_CRED not implemented pam_winbind(gdm:setcred): [pamh: 0x88bcf70] LEAVE: pam_sm_setcred returning 0 Some configurations: 1 - Nsswitch configure with LDAP, its work fine. 2 - smb.conf [global] workgroup = _LOCAL_ ne...

https://bugzilla.mindrot.org/show_bug.cgi?id=2475 Bug ID: 2475 Summary: Login failure when PasswordAuthentication, ChallengeResponseAuthentication, and PermitEmptyPasswords are all enabled Product: Portable OpenSSH Version: 7.1p1 Hardware: ix86 OS: Linux Status: NEW

..._winbind(gnome-screensaver:account): user 'rking' OK Aug 9 16:39:44 pc15 gnome-screensaver-dialog: pam_winbind(gnome-screensaver:account): user 'rking' granted access Aug 9 16:39:44 pc15 gnome-screensaver-dialog: pam_winbind(gnome-screensaver:setcred): [pamh: 0x0061b220] ENTER: pam_sm_setcred (flags: 0x0008) Aug 9 16:39:44 pc15 gnome-screensaver-dialog: pam_winbind(gnome-screensaver:setcred): PAM_REINITIALIZE_CRED not implemented Aug 9 16:39:44 pc15 gnome-screensaver-dialog: pam_winbind(gnome-screensaver:setcred): [pamh: 0x0061b220] LEAVE: pam_sm_setcred returning 0 Aug 9 19:21...

...someways I think it should be upto the modules to document what they need but I also think this could break the abstraction that PAM is supposed to provide. >As for PAM_KRB5, assuming my interpretation of PAM_REINITIALIZE_CREDS is >correct, it should create a root-owned ccache when it's pam_sm_setcred() >is called to PAM_CRED_ESTABLISH and it should create PAM_USER-owned >ccache when it's pam_sm_setcred() is called to PAM_REINITIALIZE_CREDS. That is not how pam_krb5 on Solaris is designed to work. If you call pam_setcred() with pam_krb5 on the stack it assumes that you have already...

...on): pam_kwallet: pam_sm_close_session Jul 2 16:15:05 samba-cliente lightdm: pam_kwallet5(lightdm:session): pam_kwallet5: pam_sm_close_session Jul 2 16:15:05 samba-cliente systemd-logind[635]: Removed session c6. Jul 2 16:15:05 samba-cliente lightdm: pam_kwallet(lightdm-greeter:setcred): (null): pam_sm_setcred Jul 2 16:15:05 samba-cliente lightdm: pam_kwallet5(lightdm-greeter:setcred): (null): pam_sm_setcred Jul 2 16:15:05 samba-cliente lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0) Jul 2 16:15:05 samba-cliente systemd-logind[635]: New session c7 of user light...

...shd[865]: pam_winbind(sshd:auth): [pamh: 0x1022c38] STATE: DATA(PAM_WINBIND_LOGONSERVER) = "PI-DC" (0x102e3a8) Jul 24 10:13:18 pi-dc sshd[865]: Accepted password for roy from 192.168.2.240 port 59748 ssh2 Jul 24 10:13:18 pi-dc sshd[865]: pam_winbind(sshd:setcred): [pamh: 0x1022c38] ENTER: pam_sm_setcred (flags: 0x0002) Jul 24 10:13:18 pi-dc sshd[865]: pam_winbind(sshd:setcred): [pamh: 0x1022c38] STATE: ITEM(PAM_SERVICE) = "sshd" (0x10226f8) Jul 24 10:13:18 pi-dc sshd[865]: pam_winbind(sshd:setcred): [pamh: 0x1022c38] STATE: ITEM(PAM_USER) = "MICROLYNX\roy" (0x1024808) Jul 24...

Hello Friends, I am writing a PAM module for SSH to enforce one more layer of authentication. For that I need terminal ID in close_session() and pam_sm_setcred() function in PAM module while OpenSSH hardcoded it "ssh". I made few changes in OpenSSh code so it can set terminal ID properly. These changes were : added do_pam_set_tty() in session_pty_req(Session *s) function in session.c and added do_pam_set_tty() in mm_pty_allocate() function in...

Hi 3.0.23rc3 pam_winbind on SLES9/i386 with the provided RPMs doesn't work: PAM unable to resolve symbol: pam_sm_authenticate PAM unable to resolve symbol: pam_sm_setcred Is this a compile problem ? SLES9 specific ? I am trying to setup the cool Kerberos integration that Samba can do for Linux. Can anyone point me to docs about that ? Thanks, Schlomo

...0 samba-cliente lightdm: pam_kwallet(lightdm-greeter:session): pam_kwallet: pam_sm_close_session Jul 1 12:31:30 samba-cliente lightdm: pam_kwallet5(lightdm-greeter:session): pam_kwallet5: pam_sm_close_session Jul 1 12:31:30 samba-cliente lightdm: pam_kwallet(lightdm-greeter:setcred): pam_kwallet: pam_sm_setcred Jul 1 12:31:30 samba-cliente lightdm: pam_kwallet5(lightdm-greeter:setcred): pam_kwallet5: pam_sm_setcred Jul 1 12:31:30 samba-cliente lightdm: pam_unix(lightdm:session): session opened for user jmperrote by (uid=0) Jul 1 12:31:30 samba-cliente systemd-logind[635]: New session c4 of user jmper...

The 2 errors: pam_setcred: error Permission denied Cannot delete credentials[7]: Permission denied Looks to be a major bug in the PAM module for Solaris-2.8/2.7/2.6. Has anyone from the list (developers of OpenSSH, endusers, hackers, etc.) came up w/ a solution? Even a temporary one? When authenticating yourself on the same system that worked, but when authenticating to another system failed. I

...ally called after the user has been authenticated and after a session has been opened. See pam_authenticate(3PAM), pam_acct_mgmt(3PAM), and pam_open_session(3PAM). " >In fact, it seems clear to me that no user-owned ccache should be >created outside pam_krb5:pam_sm_setcred(). In Solaris it isn't. >> I'm not sure the call to pam_setcred with PAM_REINITIALIZE_CREDS is >> actually required in session.c. Why was it put there ? Is there a >> particular pam module that causes a problem ? > >See above about apps that don't fork() a...

...:auth): Returned user was 'DACRIB+ldap-proxy' pam_winbind(login:auth): [pamh: 0x89f63b8] LEAVE: pam_sm_authenticate returning 0 (PAM_SUCCESS) pam_unix(login:session): session opened for user DACRIB+ldap-proxy by DACRIB+ldap-proxy(uid=0) pam_winbind(login:setcred): [pamh: 0x89f63b8] ENTER: pam_sm_setcred (flags: 0x0002) pam_winbind(login:setcred): PAM_ESTABLISH_CRED not implemented pam_winbind(login:setcred): [pamh: 0x89f63b8] LEAVE: pam_sm_setcred returning 0 (PAM_SUCCESS) pam_unix(login:session): session closed for user DACRIB+ldap-proxy Looks like it *should* be working - it's using ker...

...close_session > Jul 2 16:15:05 samba-cliente lightdm: pam_kwallet5(lightdm:session): > pam_kwallet5: pam_sm_close_session > Jul 2 16:15:05 samba-cliente systemd-logind[635]: Removed session c6. > Jul 2 16:15:05 samba-cliente lightdm: > pam_kwallet(lightdm-greeter:setcred): (null): pam_sm_setcred > Jul 2 16:15:05 samba-cliente lightdm: > pam_kwallet5(lightdm-greeter:setcred): (null): pam_sm_setcred > Jul 2 16:15:05 samba-cliente lightdm: pam_unix(lightdm-greeter:session): > session opened for user lightdm by (uid=0) > Jul 2 16:15:05 samba-cliente systemd-logind[635]: New...