search for: pam_us

Displaying 20 results from an estimated 35 matches for "pam_us".

Did you mean: pam_un
2002 Aug 30
4
Patch so that sshd makes use of PAM_USER
<<pam_user.patch>> Hello. I created a patch that causes sshd to take notice of the value of PAM_USER after calling into the pam_xxx functions. This makes it possible for a PAM module to effect user mappings by setting the value of PAM_USER with pam_set_item(). If anyone has comments or suggestion...
2009 Jul 22
2
PAM_USER falsely assumed immutable
In 1.2.1 there's: passdb-pam.c:230 status = pam_get_item(pamh, PAM_USER, &item); passdb-pam.c:237 auth_request_set_field(request, "user", item, NULL); so "item" is PAM_USER, which is then checked by auth_request_set_field: 1022 if (strcmp(request->user, value) != 0) { 1023 auth_request_log_d...
2001 Sep 05
2
reinit_creds (was Re: OpenSSHd barfs upon reauthentication: PAM, Solaris 8)
...for example a kerberos ticket. >My guess, given what OpenSSH does with PAM: PAM_CRED_ESTABLISH means >"make it so we can use your module's credentials as root" whereas >PAM_REINITIALIZE_CREDS means "make it so we can use your module's >credentials as pam_get_item(PAM_USER)." That is wrong and is one thing the XSSO doc is clear on: "The pam_setcred() function is used to establish, modify, or delete the credentials of the current user associated with the authentication handle, pamh. " The Solaris pam_setcred(3pam) man page is less clear - I'll...
2002 Aug 29
0
Using PAM_USER for user mappings
Hello all. It is my understanding that a PAM-aware application should check the value of the PAM_USER attribute after every PAM call.
2001 Sep 05
1
reinit_creds (was Re: OpenSSHd barfs upon reauthentication: PAM, Solaris 8)
...mbiquous. I think it is quite easy to make the assumption that ESTABLISH and REINITIALIZE care synonymous but both are different from REFRESH. >And, IMO, as I think about it, the OpenSSH interpretation makes plenty >of sense. Consider an app that will not fork() a child that runs as the >PAM_USER (e.g., a web server) but which nonetheless needs the user's >Kerberos creds -- why bother creating a user-owned ccache then? I can see that from a PAM view point but it won't really work from a Kerberos view point (it isn't how kerberos was designed to work). >> "The p...
2006 Sep 12
3
Weird TZ Behavior in 4.1p1 and 4.3p2 on AIX
Hi, I am using PAM authentication on 3.8p1. In my PAM auth module I can turn on debug logging that includes a timestamp in the form "mm/dd/yy hh:mm:ss". Life is good. I want to upgrade from 3.8p1 so I can use PAM for PasswordAuthentication in addition to keyboard-interactive. I have compiled both 4.1p1 and 4.3p2 and the PAM authentication for both methods works fine in both
2007 May 24
2
[RFC][PATCH] Detect and handle PAM changing user name
...57:47.000000000 -0500 +++ openssh-4.6p1.jleu/auth-pam.c 2007-05-24 13:16:56.000000000 -0500 @@ -335,6 +335,39 @@ } /* + * Detect and deal with the PAM stack changing the user name on us + */ +static int +sshpam_handle_user_change(pam_handle_t *sshpam_handle, Authctxt *authctxt) +{ + const char *pam_user; + const char **ptr_pam_user = &pam_user; + + if (pam_get_item(sshpam_handle, PAM_USER, + (sshpam_const void **)ptr_pam_user) != PAM_SUCCESS) + return PAM_AUTH_ERR; + + if (strcmp(authctxt->user, pam_user)) { + char *user = strdup(pam_user); + struct passwd *pw; + + if (!user) +...
2008 May 23
1
how to debug ssh slow connection issues.
...ld May 23 12:01:56 192.168.1.21 pam_stack[23836]: NOT passing PAM_RUSER to child: source is NULL May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_SERVICE to child May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_TTY to child May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_USER to child May 23 12:01:56 192.168.1.21 pam_stack[23836]: NOT passing PAM_USER_PROMPT to child: source is NULL May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing data to child May 23 12:01:56 192.168.1.21 pam_stack[23836]: calling substack May 23 12:01:56 192.168.1.21 pam_stack[23836]: substack...
2003 Oct 29
4
Fix for USE_POSIX_THREADS in auth-pam.c
...*/ + +static pam_handle_t *grab_pamh(int set, pam_handle_t *value) +{ + if (set) + sshpam_handle = value; + return sshpam_handle; +} + +#endif /* #ifdef USE_POSIX_THREADS */ + /* * Conversation function for authentication thread. */ @@ -216,7 +279,7 @@ #ifndef USE_POSIX_THREADS const char *pam_user; - pam_get_item(sshpam_handle, PAM_USER, (const void **)&pam_user); + pam_get_item(grab_pamh(0, NULL), PAM_USER, (const void **)&pam_user); setproctitle("%s [pam]", pam_user); #endif @@ -224,11 +287,11 @@ sshpam_conv.appdata_ptr = ctxt; buffer_init(&buffer); - sshp...
2002 Feb 14
2
[Bug 117] OpenSSH second-guesses PAM
http://bugzilla.mindrot.org/show_bug.cgi?id=117 ------- Additional Comments From djm at mindrot.org 2002-02-15 10:10 ------- > OpenSSH traditionally would not even start PAM, and > now starts it specifying 'NOUSER' as the login name. We have always used NOUSER, the recent patch just makes it consistent between protocols 1 and 2. > The second is to prevent username guessing
2020 Jul 29
1
kerberos ticket on login problem
...(flags: 0x0000) > Jul 29 09:33:53 brayden xrdp-sesman[1652]: > pam_winbind(xrdp-sesman:auth): [pamh: 0xb4cac0] STATE: > ITEM(PAM_SERVICE) = "xrdp-sesman" (0xb471c0) > Jul 29 09:33:53 brayden xrdp-sesman[1652]: > pam_winbind(xrdp-sesman:auth): [pamh: 0xb4cac0] STATE: ITEM(PAM_USER) > = "jas" (0xb4fd60) > Jul 29 09:33:53 brayden xrdp-sesman[1652]: > pam_winbind(xrdp-sesman:auth): [pamh: 0xb4cac0] STATE: ITEM(PAM_TTY) = > "xrdp-sesman" (0xb4d6a0) > Jul 29 09:33:53 brayden xrdp-sesman[1652]: > pam_winbind(xrdp-sesman:auth): [pamh: 0xb...
2018 Jul 24
0
Failed to establish your Kerberos Ticket cache due time differences with the domain controller
..._winbind(sshd:auth): [pamh: 0x1022c38] ENTER: pam_sm_authenticate (flags: 0x0001) Jul 24 10:13:18 pi-dc sshd[865]: pam_winbind(sshd:auth): [pamh: 0x1022c38] STATE: ITEM(PAM_SERVICE) = "sshd" (0x10226f8) Jul 24 10:13:18 pi-dc sshd[865]: pam_winbind(sshd:auth): [pamh: 0x1022c38] STATE: ITEM(PAM_USER) = "roy" (0x1021aa8) Jul 24 10:13:18 pi-dc sshd[865]: pam_winbind(sshd:auth): [pamh: 0x1022c38] STATE: ITEM(PAM_TTY) = "ssh" (0x102c040) Jul 24 10:13:18 pi-dc sshd[865]: pam_winbind(sshd:auth): [pamh: 0x1022c38] STATE: ITEM(PAM_RHOST) = "192.168.2.240" (0x102c028) Ju...
2007 Jun 27
1
User mapping via pam
Hi, I'm trying to change the PAM_USER within a pam module, and observed that dovecot 0.99 does not support this. I then looked at 1.x and found: src/auth/passdb-pam.c:232: /* FIXME: this doesn't actually work since we're in the child process.. */ status = pam_get_item(pamh, PAM_USER, (lin...
2010 Jul 20
5
Record Failed Passwords
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi OpenSSH'ers, I am emailing you to ask is it possible to record failed passwords attempts and log them to syslog? Are there patches available for this? Has anyone managed to do this before? Are there alternitive methods? Many Thanks, A - -- Alan Neville, Postgraduate Education Officer, DCU Students' Union 2009/2010, BS.c Computer
2017 Mar 13
1
pam_winbind with trusted domain
...8.1.1 sshd[9569]: pam_winbind(sshd:auth): [pamh: 0x7fc74c2cad40] ENTER: pam_sm_authenticate (flags: 0x0001) sshd[9569]: pam_winbind(sshd:auth): [pamh: 0x7fc74c2cad40] STATE: ITEM(PAM_SERVICE) = "sshd" (0x7fc74c2c9380) sshd[9569]: pam_winbind(sshd:auth): [pamh: 0x7fc74c2cad40] STATE: ITEM(PAM_USER) = "DOMREMOTE\testuser" (0x7fc74c2c9fe0) sshd[9569]: pam_winbind(sshd:auth): [pamh: 0x7fc74c2cad40] STATE: ITEM(PAM_TTY) = "ssh" (0x7fc74c2e15f0) sshd[9569]: pam_winbind(sshd:auth): [pamh: 0x7fc74c2cad40] STATE: ITEM(PAM_RHOST) = "192.168.1.1" (0x7fc74c2e15d0) sshd[9...
2020 Jul 28
2
kerberos ticket on login problem
I'm experimenting with smb + winbind. My host is joined to AD and I can login to my host fine using my AD credentials via SSH.?? The only issue is that I don't get a Kerberos ticket generated. In /etc/security/pam_winbind.conf I have: krb5_auth = yes krb5_ccache_type = KEYRING In /etc/krb5.conf, I also have: default_ccache_name = KEYRING:persistent:%{uid} Using wbinfo -K jas, then
2018 Jul 24
2
Failed to establish your Kerberos Ticket cache due time differences with the domain controller
I did re-read the whole thread again. Im running out of options.. When i look at : https://wiki.samba.org/index.php/PAM_Offline_Authentication You can do these last checks. Run the : Testing offline authentication as show on the wiki. Debian normaly does not have /etc/security/pam_winbind.conf, check if its there if so backup it remove it. Check if these packages are installed.
2011 Aug 08
0
[PATCH] check admin password for upgrade verification
...taller.py index 637c64c..7c66676 100644 --- a/scripts/ovirt-config-installer.py +++ b/scripts/ovirt-config-installer.py @@ -177,7 +177,7 @@ class NodeInstallScreen: def current_password_callback(self): auth = PAM.pam() auth.start("passwd") - auth.set_item(PAM.PAM_USER, "root") + auth.set_item(PAM.PAM_USER, "admin") global current_password current_password = self.current_password.value() auth.set_item(PAM.PAM_CONV, pam_conv) @@ -590,7 +590,7 @@ class NodeInstallScreen: self.root_password_1 = Entry(1...
2013 Nov 28
4
SSH - Winbind and Keybased Auth
...2683650] ENTER: pam_sm_acct_mgmt (flags: 0x0000) Nov 28 17:34:58 testbox01 sshd[26078]: pam_winbind(sshd:account): [pamh: 0x7f6b82683650] STATE: ITEM(PAM_SERVICE) = "sshd" (0x7f6b826837d0) Nov 28 17:34:58 testbox01 sshd[26078]: pam_winbind(sshd:account): [pamh: 0x7f6b82683650] STATE: ITEM(PAM_USER) = "nathan" (0x7f6b826837f0) Nov 28 17:34:58 testbox01 sshd[26078]: pam_winbind(sshd:account): [pamh: 0x7f6b82683650] STATE: ITEM(PAM_TTY) = "ssh" (0x7f6b8268dbd0) Nov 28 17:34:58 testbox01 sshd[26078]: pam_winbind(sshd:account): [pamh: 0x7f6b82683650] STATE: ITEM(PAM_RHOST) =...
2001 Oct 31
3
2.9.9p2 and Solaris-2.8 PAM: Cannot delete credentials[7]: Permission denied
The 2 errors: pam_setcred: error Permission denied Cannot delete credentials[7]: Permission denied Looks to be a major bug in the PAM module for Solaris-2.8/2.7/2.6. Has anyone from the list (developers of OpenSSH, endusers, hackers, etc.) came up w/ a solution? Even a temporary one? When authenticating yourself on the same system that worked, but when authenticating to another system failed. I