Displaying 20 results from an estimated 21 matches for "pam_ssh".
2011 Dec 23
1
FreeBSD Security Advisory FreeBSD-SA-11:09.pam_ssh
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-11:09.pam_ssh Security Advisory
The FreeBSD Project
Topic: pam_ssh improperly grants access when user account has
unencrypted SSH private keys
Category: contrib
Module: pam
Announ...
2010 Aug 06
2
dovecot-auth process crashed during pam login
Hello!
We experienced crashes of the dovecot-auth process during user
verification with pam_ssh.
After a little debugging I saw that pam_ssh and dovecot both provide a
buffer_free() function. During cleanup of pam_ssh the buffer_free() from
dovecot was called. The members of the buffer had all "out of bound"
addresses.
After rename the buffer_free() in dovecot the pam login works...
2011 Nov 15
2
Possible pam_ssh bug?
...eBSD 8.2 using any password. The user had a .ssh/id_rsa and .ssh/id_rsa.pub key pair without a password but nullok was not specified, so I think this should be considered a bug.
During diagnosis, /etc/pam.d/sshd was configured for authentication using:
-------------
auth required pam_ssh.so no_warn try_first_pass
-------------
I enabled _openpam_debug in pam_ssh and found this during a login via sshd to the user's account:
-------------
Nov 15 09:51:53 fbsd8-i386 sshd[52853]: in pam_ssh_load_key(): failed to load key from /home/targetuser/.ssh/identity
Nov 15 09:...
2000 Nov 20
0
pam_ssh
...an ssh-agent process is started and any successfully decrypted
private keys are added. Hence, users only type their logins and
passwords once at the beginning of a session. As a side benefit,
system administrators can elect to rid the password database of
authentication data.
At the time I wrote pam_ssh, Theo de Raadt said he wanted to keep
the OpenSSH code base tightly-controlled, so my patches were not
imported. FreeBSD was interested, however, and pam_ssh has been
part of the core ever since.
Now that the code has been performing well for a year in FreeBSD,
would you consider importing it int...
2003 Oct 31
4
Samba and private shares
...inbind.so
auth sufficient pam_opie.so
no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn
allow_local
#auth sufficient pam_krb5.so
no_warn try_first_pass
#auth sufficient pam_ssh.so
no_warn try_first_pass
auth required pam_unix.so
no_warn try_first_pass
# account
#account required pam_krb5.so
account sufficient pam_winbind.so
account required pam_unix.so
# session
#ses...
2007 Apr 13
1
Samba3 : no suitable range available for sid
...ie.so no_warn
no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth sufficient pam_winbind.so try_first_pass
#auth sufficient pam_krb5.so no_warn
try_first_pass
#auth sufficient pam_ssh.so no_warn
try_first_pass
auth required pam_unix.so no_warn
try_first_pass nullok
# account
account required pam_winbind.so
#account required pam_krb5.so
account required pam_login_access.so
account requ...
2011 Feb 18
1
Not sure I understand when add user script is called
...sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth sufficient /usr/local/lib/pam_winbind.so mkhomedir=yes
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass nullok
# account
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
# session
#session optional pam_ssh.so
session...
2009 Aug 28
1
FreeBSD 7.2 and Samba 3.3.7 AD 2003 Authentication Problem
...no_warn
no_fake_prompts
auth requisite pam_opieaccess.so no_warn
allow_local
auth sufficient /usr/local/lib/pam_winbind.so
try_first_pass
#auth sufficient pam_krb5.so no_warn
try_first_pass
#auth sufficient pam_ssh.so no_warn
try_first_pass
auth required pam_unix.so no_warn
try_first_pass
# account
account required pam_nologin.so
#account required pam_krb5.so
account sufficient /usr/local/lib/pam_winbind.so
account r...
2017 Aug 03
2
pam auth problem
...m.d/{imap,pop3} were untouched; both as follows
#
# $FreeBSD: releng/10.3/etc/pam.d/pop3 170771 2007-06-15 11:33:13Z yar $
#
# PAM configuration for the "pop3" service
#
# auth
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass
# account
#account required pam_nologin.so
account required pam_unix.so
2005 Jun 24
0
Winbind NT domain authentication
...pam_nologin.so no_warn
#auth sufficient pam_opie.so no_warn no_fake_prompts
#auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
#auth required pam_unix.so no_warn try_first_pass
#tfa
auth sufficient pam_winbind.so debug try_first_pass
auth sufficient pam_unix.so no_warn try_first_pass
# account
#account...
2005 Jun 24
0
Winbind NT domain authentication
...pam_nologin.so no_warn
#auth sufficient pam_opie.so no_warn no_fake_prompts
#auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
#auth required pam_unix.so no_warn try_first_pass
#tfa
auth sufficient pam_winbind.so debug try_first_pass
auth sufficient pam_unix.so no_warn try_first_pass
# account
#account...
2007 Jan 30
1
cannot su, something may related to pam
...ib/pam_winbind.so try_first_pass
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass nullok
# account
account required /usr/lib/pam_winbind.so
#account required pam_krb5.so
account required pam_login_access.so
acco...
2003 Mar 02
0
[RFC][PATCH] Require S/KEY before other authentication methods.
...ntly, we can only have S/KEY+password, by using PAM for
authentication, and configuring PAM accordingly. But PAM of course can't
handle SSH public keys.
I thought for a while that ideally we could actually use PAM to tell
sshd what methods of authentication to accept at each stage...
require pam_ssh_skey.so
sufficient pam_ssh_publickey.so
sufficient pam_ssh_password.so
...etc. But PAM doesn't actually let us work like that, so it'd end up
being something more like...
require pam_ssh.so methods=skey
require pam_ssh.so methods=publickey,password
...and I suspect it's overkill...
2005 Aug 19
2
pam_radius fail open?
...am_nologin.so no_warn
#auth sufficient pam_opie.so no_warn
no_fake_prompts
#auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn
try_first_pass
#auth sufficient pam_ssh.so no_warn
try_first_pass
#auth required pam_unix.so no_warn
try_first_pass
# account
#account required pam_krb5.so
#account required pam_login_access.so
#account required pam_unix.so
# session
#...
2012 Apr 17
0
Problems with samba as PDC
...quot; service
#
# auth
auth sufficient pam_opie.so no_warn no_fake_prompts
auth sufficient /usr/local/lib/pam_winbind.so
auth requisite pam_opieaccess.so
no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
#auth sufficient /usr/local/lib/pam_winbind.so
auth required pam_unix.so no_warn try_first_pass
# account
account sufficient /usr/local/lib/pam_winbind.so
account required pam_nologin.so
#account required pam_krb5.so
account...
2017 Aug 03
4
pam auth problem
>> auth: in openpam_parse_chain(): /etc/pam.d/dovecot(1): missing or invalid facility
>
> I do not think that it has something to do with the dovecot settings
> itself but perhaps with the pam facility settings instead?
i can believe that. any clues to debug?
randy
2017 Aug 03
0
pam auth problem
...>
> #
> # $FreeBSD: releng/10.3/etc/pam.d/pop3 170771 2007-06-15 11:33:13Z yar $
> #
> # PAM configuration for the "pop3" service
> #
>
> # auth
> #auth sufficient pam_krb5.so no_warn try_first_pass
> #auth sufficient pam_ssh.so no_warn try_first_pass
> auth required pam_unix.so no_warn try_first_pass
>
> # account
> #account required pam_nologin.so
> account required pam_unix.so
copy or link /etc/pam.d/imap do /etc/pam.d/dovecot
-...
2012 Jun 20
1
Dovecot not liking AD config from wiki??
Hi,
I'm trying to setup Dovecot with MS AD and am using this as my guide:
http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm
I can definitely access information on the AD server using wbinfo -g
and wbinfo -u.....
Currently my dovecot.conf file looks like this:
# v1.1:
#auth_ntlm_use_winbind = yes
# v1.2+:
auth_use_winbind = yes
auth_winbind_helper_path = /usr/local/bin/ntlm_auth
2005 Jan 29
1
Cyrus IMAP crashes after reading /etc/krb5.conf
...28 20:29:06 2005
@@ -9,5 +9,5 @@
auth requisite pam_opieaccess.so no_warn allow_local
-#auth sufficient pam_krb5.so no_warn try_first_pass
+auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
-auth required pam_unix.so no_warn try_first_pass
nullok
+auth sufficient pam_unix.so no_warn try_first_pass
nullok
Thank you very much for any hints!
-mi
2001 Oct 07
3
Using -lssh as shared library
...l package size (3 rpms -- openssh, openssh-server
and openssh-clients -- was 650Kb befor and 420Kb after).
While tweaking makefiles and so on, I realized one minor
problem with libssl.a: it is not a complete library per
se. Yes, I know that it isn't intended to be used by
other programs (btw, pam_ssh uses parts of libssh), but
keeping it in a good state may be helpful anyway. One
issue with this library is that it refers to an external
variable, IPV4or6, that itself isn't in library, but
defined in several source files instead, repeating the
same lines every time. So, then libssl is a sha...