search for: permit_no_passwd

Displaying 11 results from an estimated 11 matches for "permit_no_passwd".

2003 Jan 29
2
PermitRootLogin=yes no longer lets root login
...PermitRootLogin was yes. It seems to be the following code in auth_password: $ cvs diff -r1.48 -r1.49 auth-passwd.c [snip] #ifndef HAVE_CYGWIN - if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) + if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_NO_PASSWD) return 0; #endif [snip] Was this intentional? -Daz. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
2003 Nov 18
4
3.7.1P2, PermitRootLogin and PAM with hidden NISplus passwor ds
...riticize as appropriate. bob diff -r -u openssh-3.7.1p2-vanilla/auth.c openssh-3.7.1p2/auth.c --- openssh-3.7.1p2-vanilla/auth.c Tue Sep 2 23:32:46 2003 +++ openssh-3.7.1p2/auth.c Mon Nov 17 20:32:45 2003 @@ -315,7 +315,8 @@ return 1; break; case PERMIT_NO_PASSWD: - if (strcmp(method, "password") != 0) + if (strcmp(method, "password") != 0 + && strcmp(method, "keyboard-interactive/pam") != 0) return 1; break; case PERMIT_FORCED_ON...
2001 Oct 09
1
TISviaPAM patch
Here is a patch that does TIS auth via PAM. It's controlled by a switch in the sshd_config. You'd use it by having a PAM module that sets PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs. The patch is against the 2.9.9p2 distribution. I'm not on the list, a reply if this patch is accepted would be great. (But not required, I know some folks have a distaste for
2011 Jun 22
3
sandbox pre-auth privsep child
...(code == sAddressFamily) { - switch (val) { - case AF_INET: - return "inet"; - case AF_INET6: - return "inet6"; - case AF_UNSPEC: - return "any"; - default: - return "UNKNOWN"; - } - } - if (code == sPermitRootLogin) { - switch (val) { - case PERMIT_NO_PASSWD: - return "without-password"; - case PERMIT_FORCED_ONLY: - return "forced-commands-only"; - case PERMIT_YES: - return "yes"; - } + u_int i; + + if (val == -1) + return "unset"; + for (i = 0; m[i].key != NULL; i++) { + if (m[i].value == val) + ret...
2002 Feb 15
0
[Bug 118] New: Implement TIS (protocol 1) via PAM
...t char *password) +/* Attempt password authentication using PAM */ +int auth_pam_password(struct passwd *pw, const char *password, int prompt_type) { extern ServerOptions options; int pam_retval; @@ -211,12 +249,14 @@ return 0; if (pw->pw_uid == 0 && options.permit_root_login == PERMIT_NO_PASSWD) return 0; - if (*password == '\0' && options.permit_empty_passwd == 0) + if (*password == '\0' && options.permit_empty_passwd == 0 && + prompt_type == PAM_PROMPT_ECHO_OFF) return 0; __pampasswd = password; pamstate = INITIAL_LOGIN; + pam...
2003 May 02
6
openssh 3.6.1_p2 problem with pam (fwd)
----- Forwarded message from Andrea Barisani <lcars at infis.univ.trieste.it> ----- Date: Fri, 2 May 2003 14:01:33 +0200 From: Andrea Barisani <lcars at infis.univ.trieste.it> To: openssh at openssh.com Subject: openssh 3.6.1_p2 problem with pam Hi, I've just updated to openssh 3.6.1_p2 and I notice this behaviour: # ssh -l lcars mybox [2 seconds delay] lcars at mybox's
2003 Jan 29
0
[PATCH] features for restricted shell environments
...uot;, + filename, linenum, p); + break; + + case sPermitTcpListen: + intptr = &options->permit_tcp_listen; goto parse_flag; case sUsePrivilegeSeparation: --- servconf.h 28 Jan 2003 18:06:52 -0000 1.1.1.2 +++ servconf.h 29 Jan 2003 21:26:12 -0000 1.7 @@ -32,6 +33,13 @@ #define PERMIT_NO_PASSWD 2 #define PERMIT_YES 3 +/* restrictions */ +#define RESTRICT_AGENT 1 +#define RESTRICT_ENV 2 +#define RESTRICT_RC 4 +#define RESTRICT_TCP 8 +#define RESTRICT_X11 16 + typedef struct { u_int num_ports; @@ -98,6 +106,9 @@ int permit_empty_passwd; /* If false, do not permit empty...
2004 Jan 19
3
Security suggestion concering SSH and port forwarding.
Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in
2001 Nov 12
4
Please test -current
Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)
2001 Nov 06
13
OpenSSH 3.0
OpenSSH 3.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. This release contains many portability bug-fixes (listed in the ChangeLog) as well as several new features (listed below). We would like to thank the
2001 Nov 20
3
problem with AFS token forwarding
Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the