search for: pam_tty

https://bugzilla.mindrot.org/show_bug.cgi?id=1799 Summary: Unable to login through PAM on Solaris 8 x86 due to PAM_TTY Product: Portable OpenSSH Version: 5.5p1 Platform: ix86 OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: PAM support AssignedTo: unassigned-bugs at mindrot.org ReportedBy: kstemen...

...TTY) login. I think this behaviour was introduced with the patch cluster. First thing is that in debug mode, the debug at auth-pam.c:534 derefs tty which is null, and segfaults. This occurs in debug mode only and is easy to fix. The next problem is that pam_open_session now seems to fail when PAM_TTY is set to NULL. debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req exec debug1: PAM: setting PAM_TTY to "(null)" PAM: pam_open_session(): Can not make/remove entry for session The code from 3.6.1p2 is doesn't set PAM_TTY at all when tty...

Hello, all- Apparently, under Solaris (I can personally confirm SunOS 5.7 and 5.8), pam_open_session will generate a segfault if PAM_TTY is not set. The obvious symptom of this is that OpenSSH 2.9.9p2 will segfault on any operation that does not request a tty (do_exec_no_pty). Based on a quick google search, this seems to have been encountered by others, though the specific symptoms seem to have changed a bit. (eg http://www.cast...

>Okay, this appears to be a problem with pam_unix.so - the code in >pam_sm_open_session is written with the assumption that the tty name is of >the form "/dev/" + something else on the end. I'm not sure why the pam_sm_open_session in pam_unix on Solaris now does this: /* report error if ttyn or rhost are not set */ if ((ttyn == NULL) || (rhost == NULL))

...May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_RHOST to child May 23 12:01:56 192.168.1.21 pam_stack[23836]: NOT passing PAM_RUSER to child: source is NULL May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_SERVICE to child May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_TTY to child May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_USER to child May 23 12:01:56 192.168.1.21 pam_stack[23836]: NOT passing PAM_USER_PROMPT to child: source is NULL May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing data to child May 23 12:01:56 192.168.1.21 pam_stack[23836]: c...

....200s", - PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); + PAM_STRERROR(pamh, pam_retval)); return(0); } @@ -197,17 +232,17 @@ if (ttyname != NULL) { debug("PAM setting tty to \"%.200s\"", ttyname); - pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_TTY, ttyname); + pam_retval = pam_set_item(pamh, PAM_TTY, ttyname); if (pam_retval != PAM_SUCCESS) { fatal("PAM set tty failed: %.200s", - PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); + PAM_STRERROR(pamh, pam_retval)); } } - pam_retval = pam_open_session((pam_handle_...

...dp-sesman" (0xb471c0) > Jul 29 09:33:53 brayden xrdp-sesman[1652]: > pam_winbind(xrdp-sesman:auth): [pamh: 0xb4cac0] STATE: ITEM(PAM_USER) > = "jas" (0xb4fd60) > Jul 29 09:33:53 brayden xrdp-sesman[1652]: > pam_winbind(xrdp-sesman:auth): [pamh: 0xb4cac0] STATE: ITEM(PAM_TTY) = > "xrdp-sesman" (0xb4d6a0) > Jul 29 09:33:53 brayden xrdp-sesman[1652]: > pam_winbind(xrdp-sesman:auth): [pamh: 0xb4cac0] STATE: > ITEM(PAM_AUTHTOK) = 0xb4fd80 > Jul 29 09:33:53 brayden xrdp-sesman[1652]: > pam_winbind(xrdp-sesman:auth): [pamh: 0xb4cac0] STATE: IT...

...sshd:auth): [pamh: 0x1022c38] STATE: ITEM(PAM_SERVICE) = "sshd" (0x10226f8) Jul 24 10:13:18 pi-dc sshd[865]: pam_winbind(sshd:auth): [pamh: 0x1022c38] STATE: ITEM(PAM_USER) = "roy" (0x1021aa8) Jul 24 10:13:18 pi-dc sshd[865]: pam_winbind(sshd:auth): [pamh: 0x1022c38] STATE: ITEM(PAM_TTY) = "ssh" (0x102c040) Jul 24 10:13:18 pi-dc sshd[865]: pam_winbind(sshd:auth): [pamh: 0x1022c38] STATE: ITEM(PAM_RHOST) = "192.168.2.240" (0x102c028) Jul 24 10:13:18 pi-dc sshd[865]: pam_winbind(sshd:auth): [pamh: 0x1022c38] STATE: ITEM(PAM_AUTHTOK) = 0x1021ab8 Jul 24 10:13:18 pi...

...pam_handle, PAM_RHOST, pam_rhost); + sshpam_err = pam_set_item(grab_pamh(0, NULL), PAM_RHOST, pam_rhost); if (sshpam_err != PAM_SUCCESS) { - pam_end(sshpam_handle, sshpam_err); - sshpam_handle = NULL; + pam_end(grab_pamh(0, NULL), sshpam_err); + grab_pamh(1, NULL); return (-1); } #ifdef PAM_TTY_KLUDGE @@ -329,10 +426,10 @@ * may not even set one (for tty-less connections) */ debug("PAM: setting PAM_TTY to \"ssh\""); - sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, "ssh"); + sshpam_err = pam_set_item(grab_pamh(0, NULL), PAM_TTY, "ssh&quo...

...d(sshd:auth): [pamh: 0x7fc74c2cad40] STATE: ITEM(PAM_SERVICE) = "sshd" (0x7fc74c2c9380) sshd[9569]: pam_winbind(sshd:auth): [pamh: 0x7fc74c2cad40] STATE: ITEM(PAM_USER) = "DOMREMOTE\testuser" (0x7fc74c2c9fe0) sshd[9569]: pam_winbind(sshd:auth): [pamh: 0x7fc74c2cad40] STATE: ITEM(PAM_TTY) = "ssh" (0x7fc74c2e15f0) sshd[9569]: pam_winbind(sshd:auth): [pamh: 0x7fc74c2cad40] STATE: ITEM(PAM_RHOST) = "192.168.1.1" (0x7fc74c2e15d0) sshd[9569]: pam_winbind(sshd:auth): [pamh: 0x7fc74c2cad40] STATE: ITEM(PAM_AUTHTOK) = 0x7fc74c2caec0 sshd[9569]: pam_winbind(sshd:auth): [...

I'm experimenting with smb + winbind. My host is joined to AD and I can login to my host fine using my AD credentials via SSH.?? The only issue is that I don't get a Kerberos ticket generated. In /etc/security/pam_winbind.conf I have: krb5_auth = yes krb5_ccache_type = KEYRING In /etc/krb5.conf, I also have: default_ccache_name = KEYRING:persistent:%{uid} Using wbinfo -K jas, then

...ecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user root service ssh-connection method none debug1: attempt 0 failures 0 debug1: PAM: initializing for "root" debug1: PAM: setting PAM_RHOST to "x.x.x.x" debug1: PAM: setting PAM_TTY to "ssh" Failed none for root from x.x.x.x port 2319 ssh2 Failed none for root from x.x.x.x port 2319 ssh2 debug1: userauth-request for user root service ssh-connection method keyboard-interactive debug1: attempt 1 failures 1 debug1: keyboard-interactive devs debug1: auth2_challenge: user...

I did re-read the whole thread again. Im running out of options.. When i look at : https://wiki.samba.org/index.php/PAM_Offline_Authentication You can do these last checks. Run the : Testing offline authentication as show on the wiki. Debian normaly does not have /etc/security/pam_winbind.conf, check if its there if so backup it remove it. Check if these packages are installed.

...he SIGSEGV is inside pam_open_session. Truss shows that the lastlog file has just been opened for writing. Non-interactive uses of ssh work. The cause is that, on this route through the code, do_pam_account is _not_ called, but do_pam_session is. This results in pam_open_session being called with PAM_TTY set but PAM_RHOST not set. (In the non-interactive case, PAM_TTY is not set either, so the PAM module does not try to update lastlog, and so does not look at PAM_RHOST). The SIGSEGV might be regarded as a bug in Sun's code, but the failure to set PAM_RHOST in the case of a passwordless login i...

Hi, I didn't know if this was the correct spot to send openSSH bugs/problems so I thought I'd try... Anyway, I have encountered the following compile time problems for openssh-1.2pre15 / Solaris 2.6 / gcc 2.8.1 - * daemon code (bsd-daemon.[ch]) exists but is not linked in. Also, header is not included. Same might apply to bsd-login. * rsa.h needs __P() define to work

...(PAM_SERVICE) = "sshd" (0x7f6b826837d0) Nov 28 17:34:58 testbox01 sshd[26078]: pam_winbind(sshd:account): [pamh: 0x7f6b82683650] STATE: ITEM(PAM_USER) = "nathan" (0x7f6b826837f0) Nov 28 17:34:58 testbox01 sshd[26078]: pam_winbind(sshd:account): [pamh: 0x7f6b82683650] STATE: ITEM(PAM_TTY) = "ssh" (0x7f6b8268dbd0) Nov 28 17:34:58 testbox01 sshd[26078]: pam_winbind(sshd:account): [pamh: 0x7f6b82683650] STATE: ITEM(PAM_RHOST) = "mycomputer.domain.local" (0x7f6b82684610) Nov 28 17:34:58 testbox01 sshd[26078]: pam_winbind(sshd:account): [pamh: 0x7f6b82683650] STATE:...

...30] STATE: ITEM(PAM_SERVICE) = "sshd" (0x7f1d54caa2e0) Jan 2 12:23:55 websrv sshd[3541]: pam_winbind(sshd:auth): [pamh: 0x7f1d54cb2030] STATE: ITEM(PAM_USER) = "georg" (0x7f1d54ca9f00) Jan 2 12:23:55 websrv sshd[3541]: pam_winbind(sshd:auth): [pamh: 0x7f1d54cb2030] STATE: ITEM(PAM_TTY) = "ssh" (0x7f1d54cb21d0) Jan 2 12:23:55 websrv sshd[3541]: pam_winbind(sshd:auth): [pamh: 0x7f1d54cb2030] STATE: ITEM(PAM_RHOST) = "192.168.0.107" (0x7f1d54cb21b0) Jan 2 12:23:55 websrv sshd[3541]: pam_winbind(sshd:auth): [pamh: 0x7f1d54cb2030] STATE: ITEM(PAM_AUTHTOK) = 0x7f...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 The same result without CFLAGS: configure:17300: checking for mblen configure:17356: gcc -o conftest -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE

Trying 2.1.1p2 on HP-UX 11 (trusted system) I get: Jul 3 14:24:53 robinson sshd[1236]: debug: Encryption type: 3des Jul 3 14:24:53 robinson sshd[1236]: debug: Received session key; encryption turned on. Jul 3 14:24:53 robinson sshd[1236]: debug: Installing crc compensation attack detector. Jul 3 14:24:53 robinson sshd[1236]: debug: Starting up PAM with username "stevesk" Jul 3

...0x15cfc80] STATE: ITEM(PAM_SERVICE) = "dovecot" (0x15c fe00) Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh: 0x15cfc80] STATE: ITEM(PAM_USER) = "tt1" (0x15cfe20) Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh: 0x15cfc80] STATE: ITEM(PAM_TTY) = "dovecot" (0x15cbfa0 ) Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh: 0x15cfc80] STATE: ITEM(PAM_RHOST) = "10.10.10.38" (0x1 5cbf60) Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh: 0x15cfc80] STATE: ITEM(PAM_RUSER) = "tt1&qu...