Displaying 20 results from an estimated 99 matches for "pam_success".
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
...switch (msg[count]->msg_style) {
+ for (count = 0; count < num_msg; count++) {
+ switch ((*msg)[count].msg_style) {
+ case PAM_PROMPT_ECHO_ON:
+ fputs((*msg)[count].msg, stderr);
+ fgets(buf, sizeof(buf), stdin);
+ reply[count].resp = xstrdup(buf);
+ reply[count].resp_retcode = PAM_SUCCESS;
+ break;
case PAM_PROMPT_ECHO_OFF:
- if (pampasswd == NULL) {
- free(reply);
- return PAM_CONV_ERR;
- }
+ if (pamstate == INITIAL_LOGIN) {
+ if (pampasswd == NULL) {
+ free(reply);
+ return PAM_CONV_ERR;
+ }
+ reply[count].resp = xstrdup(pampasswd);
+...
2003 Oct 29
4
Fix for USE_POSIX_THREADS in auth-pam.c
...le("%s [pam]", pam_user);
#endif
@@ -224,11 +287,11 @@
sshpam_conv.appdata_ptr = ctxt;
buffer_init(&buffer);
- sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
+ sshpam_err = pam_set_item(grab_pamh(0, NULL), PAM_CONV,
(const void *)&sshpam_conv);
if (sshpam_err != PAM_SUCCESS)
goto auth_fail;
- sshpam_err = pam_authenticate(sshpam_handle, 0);
+ sshpam_err = pam_authenticate(grab_pamh(0, NULL), 0);
if (sshpam_err != PAM_SUCCESS)
goto auth_fail;
buffer_put_cstring(&buffer, "OK");
@@ -238,7 +301,7 @@
auth_fail:
buffer_put_cstring(&buffer,
-...
2007 Jun 05
2
pam_ldap-184 compile error
...fore '*' token
pam_ldap.c: In function `_cleanup_authtok_data':
pam_ldap.c:602: error: `data' undeclared (first use in this function)
pam_ldap.c: In function `_alloc_config':
pam_ldap.c:617: error: `PAM_BUF_ERR' undeclared (first use in this function)
pam_ldap.c:666: error: `PAM_SUCCESS' undeclared (first use in this function)
pam_ldap.c: In function `_read_config':
pam_ldap.c:771: error: `PAM_SUCCESS' undeclared (first use in this function)
pam_ldap.c:773: error: `PAM_BUF_ERR' undeclared (first use in this function)
pam_ldap.c:800: error: `PAM_SERVICE_ERR' und...
2000 Jul 03
2
2.1.1p2 HP-UX 11 PAM General Commerical Security error
Trying 2.1.1p2 on HP-UX 11 (trusted system) I get:
Jul 3 14:24:53 robinson sshd[1236]: debug: Encryption type: 3des
Jul 3 14:24:53 robinson sshd[1236]: debug: Received session key; encryption turned on.
Jul 3 14:24:53 robinson sshd[1236]: debug: Installing crc compensation attack detector.
Jul 3 14:24:53 robinson sshd[1236]: debug: Starting up PAM with username "stevesk"
Jul 3
1998 Oct 07
1
Re: sshd and PAM [summary]
-----BEGIN PGP SIGNED MESSAGE-----
Hi,
I''ve got several replies, thank you for them. Let me summarize:
o Many people say there is a PAMified version of ssh available at
ftp://ftp.replay.com/pub/crypto/redhat/SRPMS (the source)
ftp://ftp.replay.com/pub/crypto/redhat/i386 (Intel binaries)
(there are analogous paths for the other architectures). The packages
are made by Jan
2003 Sep 23
5
PAM sessions and conversation functions
In OpenSSH 3.6.1p2, pam_open_session() ran with a conversation function,
do_pam_conversation(), that fed text to the client. In OpenSSH 3.7.1p2,
this is no longer the case: session modules run with a conversation
function that just returns PAM_CONV_ERR. This means that simple session
modules whose job involves printing text on the user's terminal no
longer work: pam_lastlog, pam_mail, and
2007 May 24
2
[RFC][PATCH] Detect and handle PAM changing user name
...the PAM stack changing the user name on us
+ */
+static int
+sshpam_handle_user_change(pam_handle_t *sshpam_handle, Authctxt *authctxt)
+{
+ const char *pam_user;
+ const char **ptr_pam_user = &pam_user;
+
+ if (pam_get_item(sshpam_handle, PAM_USER,
+ (sshpam_const void **)ptr_pam_user) != PAM_SUCCESS)
+ return PAM_AUTH_ERR;
+
+ if (strcmp(authctxt->user, pam_user)) {
+ char *user = strdup(pam_user);
+ struct passwd *pw;
+
+ if (!user)
+ return PAM_AUTH_ERR;
+
+ if (!(pw = getpwnamallow(user))) {
+ free(user);
+ return PAM_AUTH_ERR;
+ }
+
+ free(authctxt->pw);
+ authctxt-&g...
2018 Feb 12
3
FreeBSD Core dump: PAM authentication with Kerberos credentials (GSSAPI_MIT)
...okup service=imap
Feb 11 09:20:40 mail auth: in openpam_dispatch(): calling
pam_sm_authenticate() in /usr/lib/pam_krb5.so.6
Feb 11 09:20:40 mail auth: in pam_get_user(): entering
Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_USER
Feb 11 09:20:40 mail auth: in pam_get_item(): returning PAM_SUCCESS
Feb 11 09:20:40 mail auth: in pam_get_user(): returning PAM_SUCCESS
Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Got user:
woodsb02
Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_RUSER
Feb 11 09:20:40 mail auth: in pam_get_item(): returning
PAM_SUCCESS
Feb 11 09:20:40 mail auth...
2003 Oct 12
4
[PATCH]: Call pam_chauthtok from keyboard-interactive.
...tok_reqd = 0;
static int sshpam_session_open = 0;
static int sshpam_cred_established = 0;
+static int sshpam_account_status = -1;
struct pam_ctxt {
sp_pthread_t pam_thread;
@@ -231,6 +234,15 @@ sshpam_thread(void *ctxtp)
sshpam_err = pam_authenticate(sshpam_handle, 0);
if (sshpam_err != PAM_SUCCESS)
goto auth_fail;
+ if (compat20) {
+ if (do_pam_account() && sshpam_new_authtok_reqd) {
+ sshpam_err = pam_chauthtok(sshpam_handle,
+ PAM_CHANGE_EXPIRED_AUTHTOK);
+ if (sshpam_err != PAM_SUCCESS)
+ goto auth_fail;
+ sshpam_new_authtok_reqd = 0; /* XXX: reset fwd flags */...
2018 Feb 12
0
FreeBSD Core dump: PAM authentication with Kerberos credentials (GSSAPI_MIT)
...b 11 09:20:40 mail auth: in openpam_dispatch(): calling
> pam_sm_authenticate() in /usr/lib/pam_krb5.so.6
> Feb 11 09:20:40 mail auth: in pam_get_user(): entering
> Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_USER
> Feb 11 09:20:40 mail auth: in pam_get_item(): returning PAM_SUCCESS
> Feb 11 09:20:40 mail auth: in pam_get_user(): returning PAM_SUCCESS
> Feb 11 09:20:40 mail auth: in pam_sm_authenticate(): Got user:
> woodsb02
> Feb 11 09:20:40 mail auth: in pam_get_item(): entering: PAM_RUSER
> Feb 11 09:20:40 mail auth: in pam_get_item(): returning
> PAM_SUC...
2003 Nov 13
0
[PATCH] Make PAM chauthtok_conv function into tty_conv
...end(&loginmsg, **prompts,
+ strlen(**prompts));
xfree(**prompts);
**prompts = NULL;
}
@@ -551,21 +549,6 @@ do_pam_account(void)
}
void
-do_pam_session(void)
-{
- sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
- (const void *)&null_conv);
- if (sshpam_err != PAM_SUCCESS)
- fatal("PAM: failed to set PAM_CONV: %s",
- pam_strerror(sshpam_handle, sshpam_err));
- sshpam_err = pam_open_session(sshpam_handle, 0);
- if (sshpam_err != PAM_SUCCESS)
- fatal("PAM: pam_open_session(): %s",
- pam_strerror(sshpam_handle, sshpam_err));
- sshpam_ses...
2014 Dec 12
0
PATCH - add username_format to the PAM auth module
...up(ctx->request->user);
+ string = strdup(str_c(username));
if (string == NULL)
i_fatal_status(FATAL_OUTOFMEM, "Out of memory");
break;
@@ -108,12 +116,14 @@
}
free(resp);
+ str_free(&username);
return PAM_CONV_ERR;
}
resp[i].resp_retcode = PAM_SUCCESS;
resp[i].resp = string;
}
+ str_free(&username);
*resp_r = resp;
return PAM_SUCCESS;
@@ -231,7 +241,10 @@
pam_strerror(pamh, status));
return status;
}
- auth_request_set_field(request, "user", item, NULL);
+ if (module->pam_allow_transform)
+ {
+ auth_...
2002 Jun 28
2
Error when configuring pam on samba (MANDRAKE 8.2 and before)
...`pamh' undeclared (first use in this function)
nsswitch/pam_winbind.c:72: (Each undeclared identifier is reported only once
nsswitch/pam_winbind.c:72: for each function it appears in.)
nsswitch/pam_winbind.c:72: `PAM_CONV' undeclared (first use in this
function)
nsswitch/pam_winbind.c:73: `PAM_SUCCESS' undeclared (first use in this
function)
nsswitch/pam_winbind.c:74: dereferencing pointer to incomplete type
nsswitch/pam_winbind.c:74: `nargs' undeclared (first use in this function)
nsswitch/pam_winbind.c:74: `message' undeclared (first use in this function)
nsswitch/pam_winbind.c:75:...
2020 Jul 21
11
[RFC PATCH 0/4] PAM module for ssh-agent user authentication
Hi,
The main (and probably the only) use case of this PAM module is to let
sudo authenticate users via their ssh-agent, therefore without having
to type any password and without being tempted to use the NOPASSWD sudo
option for such convenience.
The principle is originally implemented by an existing module [0][1]
and many pages that explain how to use it for such purpose can be
found online.
2009 Jun 24
0
winbind authentication mystery
...story-20 sshd[4656]: pam_winbind(sshd:auth): Password
has expired (Password was last set: 1245880658, the policy says it
should expire here 1245880657 (now it's: 1245882598))
Jun 24 15:29:58 history-20 sshd[4656]: pam_winbind(sshd:auth): [pamh:
0x1f06f48] LEAVE: pam_sm_authenticate returning 0 (PAM_SUCCESS)
Jun 24 15:29:58 history-20 sshd[4656]: pam_winbind(sshd:account): [pamh:
0x1f06f48] ENTER: pam_sm_acct_mgmt (flags: 0x0000)
Jun 24 15:29:58 history-20 sshd[4656]: pam_winbind(sshd:account):
pam_sm_acct_mgmt success but PAM_WINBIND_NEW_AUTHTOK_REQD is set
Jun 24 15:29:58 history-20 sshd[4656]: pam_...
2003 Jan 28
1
[nsswitch/pam_winbind.po] Error 1 With Compiling 3.0
...`pamh' undeclared (first use in this
function)
nsswitch/pam_winbind.c:67: (Each undeclared identifier is reported only
once
nsswitch/pam_winbind.c:67: for each function it appears in.)
nsswitch/pam_winbind.c:67: `PAM_CONV' undeclared (first use in this
function)
nsswitch/pam_winbind.c:68: `PAM_SUCCESS' undeclared (first use in this
function)
nsswitch/pam_winbind.c:69: dereferencing pointer to incomplete type
nsswitch/pam_winbind.c:69: `nargs' undeclared (first use in this
function)
nsswitch/pam_winbind.c:69: `message' undeclared (first use in this
function)
nsswitch/pam_winbind.c:70:...
2009 Dec 31
0
winbind authentication mystery
...story-20 sshd[4656]: pam_winbind(sshd:auth): Password
has expired (Password was last set: 1245880658, the policy says it
should expire here 1245880657 (now it's: 1245882598))
Jun 24 15:29:58 history-20 sshd[4656]: pam_winbind(sshd:auth): [pamh:
0x1f06f48] LEAVE: pam_sm_authenticate returning 0 (PAM_SUCCESS)
Jun 24 15:29:58 history-20 sshd[4656]: pam_winbind(sshd:account): [pamh:
0x1f06f48] ENTER: pam_sm_acct_mgmt (flags: 0x0000)
Jun 24 15:29:58 history-20 sshd[4656]: pam_winbind(sshd:account):
pam_sm_acct_mgmt success but PAM_WINBIND_NEW_AUTHTOK_REQD is set
Jun 24 15:29:58 history-20 sshd[4656]: pam_...
2003 Jan 10
0
Samba-2.2.7a Compile error --with-pam
...-with-winbind \
--with-pam
make 2>errors
errors:
nsswitch/pam_winbind.c:97: dereferencing pointer to incomplete type
nsswitch/pam_winbind.c: In function `winbind_request':
nsswitch/pam_winbind.c:111: `PAM_SERVICE_ERR' undeclared (first use in this
function)
nsswitch/pam_winbind.c:122: `PAM_SUCCESS' undeclared (first use in this
function)
nsswitch/pam_winbind.c: In function `winbind_auth_request':
nsswitch/pam_winbind.c:154: `PAM_AUTH_ERR' undeclared (first use in this
function)
nsswitch/pam_winbind.c:158: `PAM_USER_UNKNOWN' undeclared (first use in
this function)
nsswitch/pam...
2003 Aug 08
0
Problem with -current on Solaris 8 + PAM?
...The code from 3.6.1p2 is doesn't set PAM_TTY at all when tty is NULL.
Doing that fixes -current for me. Should it be changed to do the same
thing, ie
--- auth-pam.c 3 Jun 2003 00:25:48 -0000 1.64
+++ auth-pam.c 8 Aug 2003 02:13:34 -0000
@@ -531,11 +531,13 @@
if (sshpam_err != PAM_SUCCESS)
fatal("PAM: failed to set PAM_CONV: %s",
pam_strerror(sshpam_handle, sshpam_err));
- debug("PAM: setting PAM_TTY to \"%s\"", tty);
- sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, tty);
- if (sshpam_err != PAM_S...
2003 Dec 07
0
[PATCH] Do PAM chauthtok via keyboard-interactive.
...d == 1)
+ pam_password_change_required(1);
+
/* Import environment from subprocess */
num_env = buffer_get_int(b);
sshpam_env = xmalloc((num_env + 1) * sizeof(*sshpam_env));
@@ -290,9 +314,28 @@ sshpam_thread(void *ctxtp)
sshpam_err = pam_authenticate(sshpam_handle, 0);
if (sshpam_err != PAM_SUCCESS)
goto auth_fail;
+
+ if (compat20) {
+ if (do_pam_account()) {
+ if (sshpam_new_authtok_reqd) {
+ sshpam_err = pam_chauthtok(sshpam_handle,
+ PAM_CHANGE_EXPIRED_AUTHTOK);
+ if (sshpam_err != PAM_SUCCESS)
+ goto auth_fail;
+ pam_password_change_required(0);
+ }
+ }...