search for: pam_tty_kludg

>Okay, this appears to be a problem with pam_unix.so - the code in >pam_sm_open_session is written with the assumption that the tty name is of >the form "/dev/" + something else on the end. I'm not sure why the pam_sm_open_session in pam_unix on Solaris now does this: /* report error if ttyn or rhost are not set */ if ((ttyn == NULL) || (rhost == NULL))

Outside the known 'Hang-on-exit' bug and the Solaris 'PAM_TTY_KLUDGE' required. *WHAT* other issues *MUST* be address before 3.0 which is approaching fast? Those running NeXTStep I need conformation that it works under NeXT. My current Slab is packed in a storage unit due to a fire in my apartment complex (happened above me so I'm wrapping up dealing wit...

...ened, exiting Connection to 10.100.3.175 closed. $ The error on the server is: debug3: PAM: opening session PAM: pam_open_session(): Can not make/remove entry for session I have determined the problem is that pam_unix.so.1 does not like the value of PAM_TTY. I see this in the source code: #ifdef PAM_TTY_KLUDGE /* * Some silly PAM modules (e.g. pam_time) require a TTY to operate. * sshd doesn't set the tty until too late in the auth process and * may not even set one (for tty-less connections) */ debug("PAM: setting PAM_TTY to \"ssh\""); sshpam_err...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 The same result without CFLAGS: configure:17300: checking for mblen configure:17356: gcc -o conftest -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE

...dle_t**)&pamh); + pam_retval = pam_start(SSHD_PAM_SERVICE, pw->pw_name, &conv, &pamh); if (pam_retval != PAM_SUCCESS) { fatal("PAM initialisation failed: %.200s", - PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); + PAM_STRERROR(pamh, pam_retval)); } #ifdef PAM_TTY_KLUDGE @@ -254,10 +306,10 @@ * not even need one (for tty-less connections) * Kludge: Set a fake PAM_TTY */ - pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_TTY, "ssh"); + pam_retval = pam_set_item(pamh, PAM_TTY, "ssh"); if (pam_retval != PAM_SUCCESS) { fatal(&quot...

...INE(BROKEN_GETADDRINFO) dnl AIX handles lastlog as part of its login message AC_DEFINE(DISABLE_LASTLOG) - AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H) ;; *-*-cygwin*) LIBS="$LIBS /usr/lib/textmode.o" @@ -123,7 +122,6 @@ check_for_libcrypt_later=1 AC_DEFINE(DONT_TRY_OTHER_AF) AC_DEFINE(PAM_TTY_KLUDGE) - AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H) inet6_default_4in6=yes ;; mips-sony-bsd|mips-sony-newsos4) @@ -175,7 +173,6 @@ CPPFLAGS="$CPPFLAGS -DSUNOS4" AC_CHECK_FUNCS(getpwanam) AC_DEFINE(PAM_SUN_CODEBASE) - AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H) conf_utmp_location=/etc/utmp conf_wtm...

http://bugzilla.mindrot.org/show_bug.cgi?id=687 ------- Additional Comments From dtucker at zip.com.au 2003-11-08 21:37 ------- Created an attachment (id=495) --> (http://bugzilla.mindrot.org/attachment.cgi?id=495&action=view) Make PAM_TTY "/dev/ssh" not "ssh" for PAM_TTY_KLUDGE Please try this patch and see if it makes a difference for you. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

With OpenSSH 2.9.9p2 as the server, I'm not able to do scp or "ssh machinename command" in general to any of my Suns! I tracked this down a bit; the problem occurs only when PAM support is enabled. However, if I remove line 430 of session.c, "do_pam_session(s->pw->pw_name, NULL);" inside of do_exec_no_pty, the problem goes away. It looks like the following entry

...ng why 3.7.1p2 alone do not work when 3.6, and 3.8 works. Both 3.7 and 3.8 have the following macros in config.h #undef DISABLE_SHADOW #define HAS_SHADOW_EXPIRE 1 #define HAVE_SHADOW_H 1 #define HAVE_SECURITY_PAM_APPL_H 1 #define USE_PAM 1 #define PAM_SUN_CODEBASE 1 #define HAVE_LIBPAM 1 /* #undef PAM_TTY_KLUDGE */ /* #undef HAVE_OLD_PAM */ /* #undef HAVE_PAM_GETENVLIST */ /* #undef HAVE_PAM_PUTENV */ Some more info on the PAM_LDAP library used on the system. When Shadow password bundle is installed on the system, shadow file enable and disable command is installed on "/usr/sbin/pwunconv" and...

...define HAVE_SYS_SYSMACROS_H 1 | #define HAVE_SYS_TIME_H 1 | #define HAVE_SYS_UN_H 1 | #define HAVE_TIME_H 1 | #define HAVE_TTYENT_H 1 | #define HAVE_UNISTD_H 1 | #define HAVE_UTIME_H 1 | #define HAVE_UTMP_H 1 | #define HAVE_UTMPX_H 1 | #define HAVE_LASTLOG_H 1 | #define HAVE_SYS_MOUNT_H 1 | #define PAM_TTY_KLUDGE 1 | #define LOCKED_PASSWD_PREFIX "!" | #define SPT_TYPE SPT_REUSEARGV | #define LINK_OPNOTSUPP_ERRNO EPERM | #define _PATH_BTMP "/var/log/btmp" | #define USE_BTMP 1 | #define LINUX_OOM_ADJUST 1 | #define HAVE_LINUX_IF_TUN_H 1 | #define SSH_TUN_LINUX 1 | #define SSH_TUN_COMPAT_A...

Okay, I'm confused again. They way you guys are talking about the conversation routine, it would seem that you think it is a way to fetch something from the user - like a new password. Is this possible? Does calling pam_chauthtok() cause the underlying pam_sm_chauthtok() eventually print something on stdout and read a new password from stdin (the socket to the client) using the conversation

...ve access to (although that would only matter if the flag was set). diff -r -c old/configure.ac new/configure.ac *** old/configure.ac Mon Feb 23 22:47:04 2004 --- new/configure.ac Thu Feb 26 17:23:55 2004 *************** *** 273,278 **** --- 273,285 ---- AC_DEFINE(LOGIN_NEEDS_TERM) AC_DEFINE(PAM_TTY_KLUDGE) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") + # Check for existence of POSIX threads. + AC_CHECK_HEADER(pthread.h, [ + AC_CHECK_LIB(pthread, pthread_create, [ + CPPFLAGS="$CPPFLAGS -DUSE_POSIX_THREADS" + LIBS="-lpthread $LIBS" + ]) + ]) # Pushing STRE...

..._VERSION "" #define PACKAGE_STRING "" #define PACKAGE_BUGREPORT "" #define WORDS_BIGENDIAN 1 #define _FILE_OFFSET_BITS 64 #define LOGIN_PROGRAM_FALLBACK "/usr/bin/login" #define PAM_SUN_CODEBASE 1 #define LOGIN_NEEDS_UTMPX 1 #define LOGIN_NEEDS_TERM 1 #define PAM_TTY_KLUDGE 1 #define DISABLE_UTMP 1 #define DISABLE_WTMP 1 #define STDC_HEADERS 1 #define HAVE_SYS_TYPES_H 1 #define HAVE_SYS_STAT_H 1 #define HAVE_STDLIB_H 1 #define HAVE_STRING_H 1 #define HAVE_MEMORY_H 1 #define HAVE_STRINGS_H 1 #define HAVE_INTTYPES_H 1 #define HAVE_UNISTD_H 1 #define HAVE_CRYPT_H 1 #def...

Included below is a diff between the output from configure on a 64 bit SUse 11.1 (doesn't find libedit) and a 64 bit Suse 10.3 (does find libedit) for otherwise identical setups. 1. How can I get the output set up to look at conftest.c? 2. I added a set -x to configure above LIBEDIT_MSG=no 3. ./configure --with-ldflags="-L/usr/lib64" --with-cflags="-ggdb3

I'm using OpenSSH-2.9.9p2 on Solaris 8 sparc64. 2.9p2 worked fine, but 2.9.9p2+ is giving me trouble with one thing - sshd segfaults if I try to connect and execute a command, such as "ssh machine ls". Otherwise it works great. sshd will fork, and the child process segfaults. CVS snapshot does the same thing. I've narrowed this down somewhat. It will only happen if you use

...PIRE_IN_PASSWD */ /* #undef HAVE_PW_CHANGE_IN_PASSWD */ /* #undef HAVE_ACCRIGHTS_IN_MSGHDR */ #define HAVE_CONTROL_IN_MSGHDR 1 /* #undef BROKEN_INET_NTOA */ #define HAVE_SYS_ERRLIST 1 #define HAVE_SYS_NERR 1 /* #undef IP_TOS_IS_BROKEN */ /* #undef HAVE_GETUSERATTR */ #define HAVE_BASENAME 1 #define PAM_TTY_KLUDGE 1 /* #undef SSHPAM_CHAUTHTOK_NEEDS_RUID */ /* #undef USE_PIPES */ /* #undef BROKEN_SNPRINTF */ /* #undef HAVE_CYGWIN */ /* #undef BROKEN_REALPATH */ /* #undef HAVE_NEXT */ /* #undef USE_PAM */ /* #undef WITH_AIXAUTHENTICATE */ /* #undef AIX_LOGINFAILED_4ARG */ /* #undef SKEYCHALLENGE_4ARG */ /* #u...

...pam_handle, PAM_RHOST, pam_rhost); + sshpam_err = pam_set_item(grab_pamh(0, NULL), PAM_RHOST, pam_rhost); if (sshpam_err != PAM_SUCCESS) { - pam_end(sshpam_handle, sshpam_err); - sshpam_handle = NULL; + pam_end(grab_pamh(0, NULL), sshpam_err); + grab_pamh(1, NULL); return (-1); } #ifdef PAM_TTY_KLUDGE @@ -329,10 +426,10 @@ * may not even set one (for tty-less connections) */ debug("PAM: setting PAM_TTY to \"ssh\""); - sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, "ssh"); + sshpam_err = pam_set_item(grab_pamh(0, NULL), PAM_TTY, "ssh");...

...eck_for_libcrypt_later=1 > check_for_openpty_ctty_bug=1 > + dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. > + dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE > + CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" > AC_DEFINE([PAM_TTY_KLUDGE], [1], > [Work around problematic Linux PAM modules handling of PAM_TTY]) > AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], > @@ -1789,11 +1792,8 @@ AC_CHECK_FUNCS([ \ > warn \ > ]) > > -dnl Wide character support. Linux man page says it needs _XOPEN_S...