search for: password_authentication

...plicationController def create if using_open_id? cookies[:use_open_id] = {:value => ''1'', :expires => 1.year.from_now.utc} open_id_authentication else cookies[:use_open_id] = {:value => ''0'', :expires => 1.year.ago.utc} password_authentication params[:login], params[:password] end end protected def open_id_authentication authenticate_with_open_id params[:openid_url] do |result, openid_url| if result.successful? if self.current_user = User.find_by_openid_url(openid_url) successful_login...

There is one spot where the password_authentication option was ignored, patch follows. Wichert. diff -wur org/openssh-2.5.2p2/auth2.c openssh-2.5.2p2/auth2.c --- org/openssh-2.5.2p2/auth2.c Sun Mar 11 21:01:56 2001 +++ openssh-2.5.2p2/auth2.c Mon Jun 4 23:31:54 2001 @@ -397,7 +397,7 @@ authenticated = auth2_challenge(authctxt,...

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

...okenPassing: intptr = &options->afs_token_passing; goto parse_flag; @@ -757,7 +757,7 @@ #if defined(AFS) || defined(KRB5) options->kerberos_tgt_passing = -1; #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) options->afs_token_passing = -1; #endif options->password_authentication = -1; @@ -839,7 +839,7 @@ if (options->kerberos_tgt_passing == -1) options->kerberos_tgt_passing = 1; #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) if (options->afs_token_passing == -1) options->afs_token_passing = 1; #endif --- readconf.h 2002/01/23 12:18:23...

...th1.c --- auth1.c 2001/06/05 18:56:17 1.41 +++ auth1.c 2001/06/19 06:41:35 @@ -83,7 +83,7 @@ authctxt->valid ? "" : "illegal user ", authctxt->user); /* If the user has no password, accept authentication immediately. */ - if (options.password_authentication && + if (options.password_authentication && options.permit_empty_passwd && #ifdef KRB4 (!options.kerberos_authentication || options.kerberos_or_local_passwd) && #endif

Could everyone please test the latest snapshots as we will be making a new release soon. If you have any patches you would like us to consider, please resend them to the list ASAP. -d -- | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's | http://www.mindrot.org / distributed filesystem'' - Dan Geer

...e: /cvs/src/usr.bin/ssh/auth2-none.c,v retrieving revision 1.5 diff -u -p -r1.5 auth2-none.c --- auth2-none.c 2003/07/31 09:21:02 1.5 +++ auth2-none.c 2003/08/09 04:45:13 @@ -96,7 +96,7 @@ userauth_none(Authctxt *authctxt) none_enabled = 0; packet_check_eom(); userauth_banner(); - if (options.password_authentication && authctxt->valid) + if (options.password_authentication && options.permit_empty_passwd) return (PRIVSEP(auth_password(authctxt, ""))); return (0); }

....rb doesn''t have anything new inside... same code as used with rails 1.2 (is it right ?) class SessionsController < ApplicationController def new @login = "" end def create if open_id?(params[:login]) open_id_authentication params[:login] else password_authentication params[:login], params[:password] end end what should I take care in this conversion ? thanks -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk...

...th(1, authctxt->pw) == 0) return(0); #endif - return PRIVSEP(auth_password(authctxt, "")) && authctxt->valid; + return PRIVSEP(auth_password(authctxt, "")) + && authctxt->valid + && options.password_authentication; } Authmethod method_none = { ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The authentication method "none" (which allows the user to log into an account with an empty password) returns 1 only if PasswordAuthentication is set to "yes". complete debug of problem below: uw7: /...

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

Hi, SSH brute force attacks seem to enjoy increasing popularity. Call me an optimist or a misrouted kind of contributer to the community, but on our company server I actually go through the logs and report extreme cases to the providers of the originating IP's. With the increasing number of these attacks, however, I have now decided that it's better to move the SSHd to a different

----- Forwarded message from Andrea Barisani <lcars at infis.univ.trieste.it> ----- Date: Fri, 2 May 2003 14:01:33 +0200 From: Andrea Barisani <lcars at infis.univ.trieste.it> To: openssh at openssh.com Subject: openssh 3.6.1_p2 problem with pam Hi, I've just updated to openssh 3.6.1_p2 and I notice this behaviour: # ssh -l lcars mybox [2 seconds delay] lcars at mybox's

...= &options->batch_mode; goto parse_flag; @@ -818,6 +833,8 @@ options->challenge_response_authentication = -1; options->kerberos_authentication = -1; options->kerberos_tgt_passing = -1; + options->gss_authentication = -1; + options->gss_deleg_creds = -1; options->password_authentication = -1; options->kbd_interactive_authentication = -1; options->kbd_interactive_devices = NULL; @@ -894,6 +911,10 @@ options->kerberos_authentication = 1; if (options->kerberos_tgt_passing == -1) options->kerberos_tgt_passing = 1; + if (options->gss_authentication == -1)...

...uth */ >+ auth_log(authctxt, authenticated, method, " ssh2"); I don't see why this in needed. Until you get to options.max_authtries/2 failures (which used to be hard-coded to AUTH_FAIL_MAX/2 = 3) it will only get logged at "verbose" level anyway. >+ if (!options.password_authentication || !options.permit_empty_passwd) >+ return(0); Handled in auth-passwd.c (see above). >- retval = (do_pam_authenticate(0) == PAM_SUCCESS); >+ retval = (do_pam_authenticate(options.permit_empty_passwd == 0 >+ ? PAM_DISALLOW_NULL_AUTHTOK >+ : 0) == PAM_SUCCESS); &gt...

...am_password(pw, ""); + return auth_pam_password(pw, "", SSH_CMSG_AUTH_PASSWORD); #elif defined(HAVE_OSF_SIA) return(sia_validate_user(NULL, saved_argc, saved_argv, get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, @@ -284,7 +287,7 @@ packet_done(); if (options.password_authentication && #ifdef USE_PAM - auth_pam_password(pw, password) == 1) + auth_pam_password(pw, password, SSH_CMSG_AUTH_PASSWORD) == 1) #elif defined(HAVE_OSF_SIA) sia_validate_user(NULL, saved_argc, saved_argv, get_canonical_hostname(), pw->pw_name, NULL, 0, diff -urN -x *~ ope...

...&& options.rsa_authentication) { @@ -1226,6 +1245,7 @@ if (try_challenge_response_authentication()) goto success; } + /* Try password authentication if the server supports it. */ if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) && options.password_authentication && !options.batch_mode) { @@ -1255,22 +1275,6 @@ krb5_free_context(context); #endif -#ifdef AFS - /* Try Kerberos v4 TGT passing if the server supports it. */ - if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) && - options.kerberos_tgt_passing) { -...

...============================================== RCS file: /cvs/openssh/servconf.c,v retrieving revision 1.98 diff -u -p -r1.98 servconf.c --- servconf.c 24 Feb 2003 01:04:34 -0000 1.98 +++ servconf.c 1 Mar 2003 17:37:42 -0000 @@ -100,6 +100,7 @@ initialize_server_options(ServerOptions options->password_authentication = -1; options->kbd_interactive_authentication = -1; options->challenge_response_authentication = -1; + options->challenge_response_authentication_first = -1; options->permit_empty_passwd = -1; options->permit_user_env = -1; options->use_login = -1; @@ -222,6 +223,13 @@ f...

I looked around for a while, but couldn't find any code for requiring multiple authentication mechanisms in openssh. So I wrote an implemention. I thought at first I should change the PasswordAuthentication, PubkeyAuthentication, etc. keywords to allow no/yes/required. But there's some funky stuff in auth2.c with respect to keyboard interactive auth that would make this kind of

Here is a patch that does TIS auth via PAM. It's controlled by a switch in the sshd_config. You'd use it by having a PAM module that sets PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs. The patch is against the 2.9.9p2 distribution. I'm not on the list, a reply if this patch is accepted would be great. (But not required, I know some folks have a distaste for