Displaying 11 results from an estimated 11 matches for "pamstate".
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
...NULL;
static const char *pampasswd = NULL;
static char *pam_msg = NULL;
-/* PAM conversation function. This is really a kludge to get the password */
-/* into PAM and to pick up any messages generated by PAM into pamconv_msg */
+/* states for pamconv() */
+typedef enum { INITIAL_LOGIN, OTHER } pamstates;
+static pamstates pamstate = INITIAL_LOGIN;
+/* remember whether pam_acct_mgmt() returned PAM_NEWAUTHTOK_REQD */
+static int password_change_required = 0;
+
+/*
+ * PAM conversation function.
+ * There are two states this can run in.
+ *
+ * INITIAL_LOGIN mode simply feeds the password from the c...
2001 Nov 07
2
Flaw in empty password authentication in sshd
...Tue Nov 6 22:58:46 2001
***************
*** 203,208 ****
--- 203,209 ----
{
extern ServerOptions options;
int pam_retval;
+ int flags=0;
do_pam_set_conv(&conv);
***************
*** 217,223 ****
__pampasswd = password;
pamstate = INITIAL_LOGIN;
! pam_retval = do_pam_authenticate(0);
if (pam_retval == PAM_SUCCESS) {
debug("PAM Password authentication accepted for "
"user \"%.100s\"", pw->pw_name);
--- 218,227 ----
__pampasswd = password;
pamst...
2001 Oct 09
1
TISviaPAM patch
Here is a patch that does TIS auth via PAM. It's controlled by a switch
in the sshd_config. You'd use it by having a PAM module that sets
PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs.
The patch is against the 2.9.9p2 distribution.
I'm not on the list, a reply if this patch is accepted would be great.
(But not required, I know some folks have a distaste for
2002 Feb 15
0
[Bug 118] New: Implement TIS (protocol 1) via PAM
...+26,8 @@
#ifdef USE_PAM
#include "ssh.h"
+#include "ssh1.h"
+#include "packet.h"
#include "xmalloc.h"
#include "log.h"
#include "auth-pam.h"
@@ -54,6 +56,8 @@
/* states for do_pam_conversation() */
enum { INITIAL_LOGIN, OTHER } pamstate = INITIAL_LOGIN;
+/* which type of prompts we should handle, set in auth_pam_password */
+static int pamprompt;
/* remember whether pam_acct_mgmt() returned PAM_NEWAUTHTOK_REQD */
static int password_change_required = 0;
/* remember whether the last pam_authenticate() succeeded or not */
@@ -98,...
2002 Jul 24
0
pam problems with securid patch
Hi,
I have the securID patch applied to openssh3.4p-1 and it's compiled with
pam. The problem I'm getting is that SecurID auth works OK, but normal
password auth doesn't. I narrowed down the failure to the following section
in auth-pam.c :
__pampasswd = password;
pamstate = INITIAL_LOGIN;
pam_retval = do_pam_authenticate(
options.permit_empty_passwd == 0 ? PAM_DISALLOW_NULL_AUTHTOK :
0);
but I can't see how this works. Can anyone enlighten me please? I know that
the password is correct but pam_retval is still not equal to PAM_SUCCESS.
Ch...
2002 Dec 21
6
[PATCH] PAM chauthtok + Privsep
...l));
+ }
+}
+
/* Set PAM credentials */
void do_pam_setcred(int init)
{
@@ -344,17 +354,15 @@
do_pam_set_conv(&conv);
if (password_change_required) {
- if (use_privsep)
- fatal("Password changing is currently unsupported"
- " with privilege separation");
pamstate = OTHER;
pam_retval = pam_chauthtok(__pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
if (pam_retval != PAM_SUCCESS)
fatal("PAM pam_chauthtok failed[%d]: %.200s",
pam_retval, PAM_STRERROR(__pamh, pam_retval));
-#if 0
/* XXX: This would need to be done in the parent process,
*...
2003 May 02
6
openssh 3.6.1_p2 problem with pam (fwd)
----- Forwarded message from Andrea Barisani <lcars at infis.univ.trieste.it> -----
Date: Fri, 2 May 2003 14:01:33 +0200
From: Andrea Barisani <lcars at infis.univ.trieste.it>
To: openssh at openssh.com
Subject: openssh 3.6.1_p2 problem with pam
Hi, I've just updated to openssh 3.6.1_p2 and I notice this behaviour:
# ssh -l lcars mybox
[2 seconds delay]
lcars at mybox's
2003 Mar 20
4
Call for testing for 3.6: password expiry?
I have tried this patch (against 3.5p1) and would very much like it to be in the OpenSSH 3.6p1 release, if possible:
http://bugzilla.mindrot.org/show_bug.cgi?id=14
On that note, I'd like the Sun BSM patch to be included also, if possible. I have it working applied to 3.5p1:
http://bugzilla.mindrot.org/show_bug.cgi?id=125
In fact, both patches work together, apparently.
If I have any
2002 Nov 20
0
[PATCH #9] Password expiration via /bin/passwd.
...==================================
RCS file: /cvs/openssh/auth-pam.c,v
retrieving revision 1.54
diff -u -r1.54 auth-pam.c
--- auth-pam.c 28 Jul 2002 20:24:08 -0000 1.54
+++ auth-pam.c 20 Nov 2002 13:12:12 -0000
@@ -60,7 +60,7 @@
/* states for do_pam_conversation() */
enum { INITIAL_LOGIN, OTHER } pamstate = INITIAL_LOGIN;
/* remember whether pam_acct_mgmt() returned PAM_NEW_AUTHTOK_REQD */
-static int password_change_required = 0;
+extern int password_change_required;
/* remember whether the last pam_authenticate() succeeded or not */
static int was_authenticated = 0;
@@ -256,7 +256,6 @@
cas...
2002 Dec 10
5
[PATCH] Password expiry with Privsep and PAM
...l));
+ }
+}
+
/* Set PAM credentials */
void do_pam_setcred(int init)
{
@@ -344,17 +354,15 @@
do_pam_set_conv(&conv);
if (password_change_required) {
- if (use_privsep)
- fatal("Password changing is currently unsupported"
- " with privilege separation");
pamstate = OTHER;
pam_retval = pam_chauthtok(__pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
if (pam_retval != PAM_SUCCESS)
fatal("PAM pam_chauthtok failed[%d]: %.200s",
pam_retval, PAM_STRERROR(__pamh, pam_retval));
-#if 0
/* XXX: This would need to be done in the parent process,
*...
2002 Jul 25
0
openssh-unix-dev digest, Vol 1 #505 - 15 msgs
...ed to openssh3.4p-1 and it's compiled with
>
> pam. The problem I'm getting is that SecurID auth works OK, but normal
> password auth doesn't. I narrowed down the failure to the following
> section
> in auth-pam.c :
>
> __pampasswd = password;
>
> pamstate = INITIAL_LOGIN;
> pam_retval = do_pam_authenticate(
> options.permit_empty_passwd == 0 ? PAM_DISALLOW_NULL_AUTHTOK
> :
> 0);
>
> but I can't see how this works. Can anyone enlighten me please? I know
> that
> the password is correct but pam_retva...