search for: permit_no_passwd

...PermitRootLogin was yes. It seems to be the following code in auth_password: $ cvs diff -r1.48 -r1.49 auth-passwd.c [snip] #ifndef HAVE_CYGWIN - if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) + if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_NO_PASSWD) return 0; #endif [snip] Was this intentional? -Daz. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

...riticize as appropriate. bob diff -r -u openssh-3.7.1p2-vanilla/auth.c openssh-3.7.1p2/auth.c --- openssh-3.7.1p2-vanilla/auth.c Tue Sep 2 23:32:46 2003 +++ openssh-3.7.1p2/auth.c Mon Nov 17 20:32:45 2003 @@ -315,7 +315,8 @@ return 1; break; case PERMIT_NO_PASSWD: - if (strcmp(method, "password") != 0) + if (strcmp(method, "password") != 0 + && strcmp(method, "keyboard-interactive/pam") != 0) return 1; break; case PERMIT_FORCED_ON...

Here is a patch that does TIS auth via PAM. It's controlled by a switch in the sshd_config. You'd use it by having a PAM module that sets PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs. The patch is against the 2.9.9p2 distribution. I'm not on the list, a reply if this patch is accepted would be great. (But not required, I know some folks have a distaste for

...(code == sAddressFamily) { - switch (val) { - case AF_INET: - return "inet"; - case AF_INET6: - return "inet6"; - case AF_UNSPEC: - return "any"; - default: - return "UNKNOWN"; - } - } - if (code == sPermitRootLogin) { - switch (val) { - case PERMIT_NO_PASSWD: - return "without-password"; - case PERMIT_FORCED_ONLY: - return "forced-commands-only"; - case PERMIT_YES: - return "yes"; - } + u_int i; + + if (val == -1) + return "unset"; + for (i = 0; m[i].key != NULL; i++) { + if (m[i].value == val) + ret...

...t char *password) +/* Attempt password authentication using PAM */ +int auth_pam_password(struct passwd *pw, const char *password, int prompt_type) { extern ServerOptions options; int pam_retval; @@ -211,12 +249,14 @@ return 0; if (pw->pw_uid == 0 && options.permit_root_login == PERMIT_NO_PASSWD) return 0; - if (*password == '\0' && options.permit_empty_passwd == 0) + if (*password == '\0' && options.permit_empty_passwd == 0 && + prompt_type == PAM_PROMPT_ECHO_OFF) return 0; __pampasswd = password; pamstate = INITIAL_LOGIN; + pam...

----- Forwarded message from Andrea Barisani <lcars at infis.univ.trieste.it> ----- Date: Fri, 2 May 2003 14:01:33 +0200 From: Andrea Barisani <lcars at infis.univ.trieste.it> To: openssh at openssh.com Subject: openssh 3.6.1_p2 problem with pam Hi, I've just updated to openssh 3.6.1_p2 and I notice this behaviour: # ssh -l lcars mybox [2 seconds delay] lcars at mybox's

...uot;, + filename, linenum, p); + break; + + case sPermitTcpListen: + intptr = &options->permit_tcp_listen; goto parse_flag; case sUsePrivilegeSeparation: --- servconf.h 28 Jan 2003 18:06:52 -0000 1.1.1.2 +++ servconf.h 29 Jan 2003 21:26:12 -0000 1.7 @@ -32,6 +33,13 @@ #define PERMIT_NO_PASSWD 2 #define PERMIT_YES 3 +/* restrictions */ +#define RESTRICT_AGENT 1 +#define RESTRICT_ENV 2 +#define RESTRICT_RC 4 +#define RESTRICT_TCP 8 +#define RESTRICT_X11 16 + typedef struct { u_int num_ports; @@ -98,6 +106,9 @@ int permit_empty_passwd; /* If false, do not permit empty...

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

OpenSSH 3.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. This release contains many portability bug-fixes (listed in the ChangeLog) as well as several new features (listed below). We would like to thank the

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the