search for: setcred

...(0x102e340) Jul 24 10:13:18 pi-dc sshd[865]: pam_winbind(sshd:auth): [pamh: 0x1022c38] STATE: DATA(PAM_WINBIND_LOGONSERVER) = "PI-DC" (0x102e3a8) Jul 24 10:13:18 pi-dc sshd[865]: Accepted password for roy from 192.168.2.240 port 59748 ssh2 Jul 24 10:13:18 pi-dc sshd[865]: pam_winbind(sshd:setcred): [pamh: 0x1022c38] ENTER: pam_sm_setcred (flags: 0x0002) Jul 24 10:13:18 pi-dc sshd[865]: pam_winbind(sshd:setcred): [pamh: 0x1022c38] STATE: ITEM(PAM_SERVICE) = "sshd" (0x10226f8) Jul 24 10:13:18 pi-dc sshd[865]: pam_winbind(sshd:setcred): [pamh: 0x1022c38] STATE: ITEM(PAM_USER) = &quot...

I did re-read the whole thread again. Im running out of options.. When i look at : https://wiki.samba.org/index.php/PAM_Offline_Authentication You can do these last checks. Run the : Testing offline authentication as show on the wiki. Debian normaly does not have /etc/security/pam_winbind.conf, check if its there if so backup it remove it. Check if these packages are installed.

...EW_AUTHTOK_REQD is set sshd[12345]: pam_winbind(sshd:account): user 'user2' needs new password sshd[12345]: pam_winbind(sshd:account): [pamh: 0x12345678] LEAVE: pam_sm_acct_mgmt returning 12 sshd[12345]: Accepted password for user2 from 127.0.0.1 port 4711 ssh2 sshd[12345]: pam_winbind(sshd:setcred): [pamh: 0x12345678] ENTER: pam_sm_setcred (flags: 0x0002) sshd[12345]: pam_winbind(sshd:setcred): PAM_ESTABLISH_CRED not implemented sshd[12345]: pam_winbind(sshd:setcred): [pamh: 0x12345678] LEAVE: pam_sm_setcred returning 0 sshd[12345]: pam_unix(sshd:session): session opened for user user2 by (u...

...GONSCRIPT) = "default.bat" (0xb52e80) > Jul 29 09:33:53 brayden xrdp-sesman[1652]: > pam_winbind(xrdp-sesman:auth): [pamh: 0xb4cac0] STATE: > DATA(PAM_WINBIND_LOGONSERVER) = "DC1" (0xb54280) > Jul 29 09:33:53 brayden xrdp-sesman[2936]: > pam_winbind(xrdp-sesman:setcred): [pamh: 0xb4cac0] ENTER: > pam_sm_setcred (flags: 0x0002) > Jul 29 09:33:53 brayden xrdp-sesman[2936]: > pam_winbind(xrdp-sesman:setcred): [pamh: 0xb4cac0] STATE: > ITEM(PAM_SERVICE) = "xrdp-sesman" (0xb471c0) > Jul 29 09:33:53 brayden xrdp-sesman[2936]: > pam_winbi...

...n 24 15:29:58 history-20 sshd[4656]: pam_winbind(sshd:account): [pamh: 0x1f06f48] LEAVE: pam_sm_acct_mgmt returning 12 (PAM_NEW_AUTHTOK_REQD) Jun 24 15:29:58 history-20 sshd[4656]: Accepted password for cmthielen from 127.0.0.1 port 36881 ssh2 Jun 24 15:29:58 history-20 sshd[4656]: pam_winbind(sshd:setcred): [pamh: 0x1f06f48] ENTER: pam_sm_setcred (flags: 0x0002) Jun 24 15:29:58 history-20 sshd[4656]: pam_winbind(sshd:setcred): PAM_ESTABLISH_CRED not implemented Jun 24 15:29:58 history-20 sshd[4656]: pam_winbind(sshd:setcred): [pamh: 0x1f06f48] LEAVE: pam_sm_setcred returning 0 (PAM_SUCCESS) Jun 24 1...

...n 24 15:29:58 history-20 sshd[4656]: pam_winbind(sshd:account): [pamh: 0x1f06f48] LEAVE: pam_sm_acct_mgmt returning 12 (PAM_NEW_AUTHTOK_REQD) Jun 24 15:29:58 history-20 sshd[4656]: Accepted password for cmthielen from 127.0.0.1 port 36881 ssh2 Jun 24 15:29:58 history-20 sshd[4656]: pam_winbind(sshd:setcred): [pamh: 0x1f06f48] ENTER: pam_sm_setcred (flags: 0x0002) Jun 24 15:29:58 history-20 sshd[4656]: pam_winbind(sshd:setcred): PAM_ESTABLISH_CRED not implemented Jun 24 15:29:58 history-20 sshd[4656]: pam_winbind(sshd:setcred): [pamh: 0x1f06f48] LEAVE: pam_sm_setcred returning 0 (PAM_SUCCESS) Jun 24 1...

I'm experimenting with smb + winbind. My host is joined to AD and I can login to my host fine using my AD credentials via SSH.?? The only issue is that I don't get a Kerberos ticket generated. In /etc/security/pam_winbind.conf I have: krb5_auth = yes krb5_ccache_type = KEYRING In /etc/krb5.conf, I also have: default_ccache_name = KEYRING:persistent:%{uid} Using wbinfo -K jas, then

On Fri, 12 Jan 2007, Nicolas Geoffray wrote: > I'm currently implementing a linux/ppc target in llvm. The abis between cool > Darwin/ppc and linux/ppc are different and I'm running into problems > with vararg calls. ok > Before a variadic method is called, an extra instruction must be > executed (which is creqv 6, 6, 6). This instruction is not necessary in >

...#39;sachs' granted access pam_winbind(gdm:auth): Returned user was 'sachs' pam_winbind(gdm:auth): [pamh: 0x88bcf70] LEAVE: pam_sm_authenticate returning 0 pam_winbind(gdm:account): user 'sachs' OK pam_winbind(gdm:account): user 'sachs' granted access pam_winbind(gdm:setcred): [pamh: 0x88bcf70] ENTER: pam_sm_setcred (flags: 0x0002) pam_winbind(gdm:setcred): PAM_ESTABLISH_CRED not implemented pam_winbind(gdm:setcred): [pamh: 0x88bcf70] LEAVE: pam_sm_setcred returning 0 Some configurations: 1 - Nsswitch configure with LDAP, its work fine. 2 - smb.conf [global]...

Hi all, I'm currently implementing a linux/ppc target in llvm. The abis between Darwin/ppc and linux/ppc are different and I'm running into problems with vararg calls. Before a variadic method is called, an extra instruction must be executed (which is creqv 6, 6, 6). This instruction is not necessary in Darwin/ppc. I looked into the PowerPC target implementation and the code generation

Logwatch on my NU-BQ+CentOS box has been giving me these errors for the last week or so. Any ideas on what is causing this? --------------------- proftpd-messages Begin ------------------------ **Unmatched Entries** secure2.pdcweb.net (localhost[127.0.0.1]) - PAM(setcred): System error secure2.pdcweb.net (localhost[127.0.0.1]) - PAM(close_session): System error secure2.pdcweb.net (localhost[127.0.0.1]) - PAM(setcred): System error secure2.pdcweb.net (localhost[127.0.0.1]) - PAM(close_session): System error secure2.pdcweb.net (localhost[127.0.0.1]) - PAM(setcred): S...

...4 pc15 gnome-screensaver-dialog: pam_winbind(gnome-screensaver:account): user 'rking' OK Aug 9 16:39:44 pc15 gnome-screensaver-dialog: pam_winbind(gnome-screensaver:account): user 'rking' granted access Aug 9 16:39:44 pc15 gnome-screensaver-dialog: pam_winbind(gnome-screensaver:setcred): [pamh: 0x0061b220] ENTER: pam_sm_setcred (flags: 0x0008) Aug 9 16:39:44 pc15 gnome-screensaver-dialog: pam_winbind(gnome-screensaver:setcred): PAM_REINITIALIZE_CRED not implemented Aug 9 16:39:44 pc15 gnome-screensaver-dialog: pam_winbind(gnome-screensaver:setcred): [pamh: 0x0061b220] LEAVE...

...;ve been looking into hacking with some PAM modules, and thought I could learn from the OpenSSH source (it's probably the closest thing to a canonical cross-platform consumer of the API). One thing I've noticed I don't understand though is how OpenSSH's invocation of do_pam_session/setcred can work (in main of the process forked in sshd.c). Ignoring privsep for the moment, if we're doing challenge-response then pam_authenticate is happening in the PAM "thread", so the pam_h we call pam_setcred with isn't the one that we called pam_authenticate with. The pam_h the ma...

...session): session opened for user username by (uid=0) Apr 25 07:00:02 hostname1 CRON[27410]: pam_unix(cron:session): session closed for user nobody Apr 25 07:00:03 hostname1 sshd[27413]: pam_unix(sshd:session): session closed for user username Apr 25 07:00:03 hostname1 sshd[27413]: pam_winbind(sshd:setcred): user 'username' OK Apr 25 07:00:03 hostname1 systemd-logind[25400]: Removed session 4871. Apr 25 07:00:04 hostname1 sshd[27490]: reverse mapping checking getaddrinfo for unknown.domain.tld [1.2.3.4] failed. Apr 25 07:00:04 hostname1 sshd[27490]: pam_krb5(sshd:auth): authentication failure...

...e relevant to all dovecot users and if they can be applied to dovecot. From: http://dl.atrpms.net/all/dovecot-1.0-0_10.99.beta7.el4.at.src.rpm patch: dovecot-1.0.beta2-mkcert-permissions.patch calls 'chown root.root', is good to have the certs owned by root? patch: dovecot-1.0.beta2-pam-setcred.patch is dissables the call to pam_setcred() because there is no other call to pam_setcred() in order to release the resources patch: dovecot-1.0.beta2-pam-tty.patch it add a call to pam_set_item() I don't to attach the patches to the list, but I can if anyone could not extract them from the...

...STABLISH means >"make it so we can use your module's credentials as root" whereas >PAM_REINITIALIZE_CREDS means "make it so we can use your module's >credentials as pam_get_item(PAM_USER)." That is wrong and is one thing the XSSO doc is clear on: "The pam_setcred() function is used to establish, modify, or delete the credentials of the current user associated with the authentication handle, pamh. " The Solaris pam_setcred(3pam) man page is less clear - I'll file a man page bug for Solaris to get it clarified better. >And, given what OpenSSH d...

...s dated into package version 1.0-0.beta2.3, but I cannot find any particular reason for the inclusion (like a bug in bugzilla, etc.). Some (winbind support, quota warnings) were obsoleted by dovecot 1.1, two are used for distro specific settings. So the only real patch that remains is the "pam_setcred" [2] patch that fixes https://bugzilla.redhat.com/show_bug.cgi?id=146198 Current state of the package for Fedora is at http://cvs.fedoraproject.org/viewcvs/rpms/dovecot/devel/ Dan [1] http://cvs.fedoraproject.org/viewcvs/rpms/dovecot/devel/dovecot-1.0.beta2-mkcert-permissions.patch?rev=1...

.../tmp/krb5cc_10006 pam_winbind(login:auth): Returned user was 'DACRIB+ldap-proxy' pam_winbind(login:auth): [pamh: 0x89f63b8] LEAVE: pam_sm_authenticate returning 0 (PAM_SUCCESS) pam_unix(login:session): session opened for user DACRIB+ldap-proxy by DACRIB+ldap-proxy(uid=0) pam_winbind(login:setcred): [pamh: 0x89f63b8] ENTER: pam_sm_setcred (flags: 0x0002) pam_winbind(login:setcred): PAM_ESTABLISH_CRED not implemented pam_winbind(login:setcred): [pamh: 0x89f63b8] LEAVE: pam_sm_setcred returning 0 (PAM_SUCCESS) pam_unix(login:session): session closed for user DACRIB+ldap-proxy Looks like it...

...dingO|994 | nThis| | ------- Additional Comments From dtucker at zip.com.au 2005-05-22 11:03 ------- I've been thinking about this. It's too late for 4.1p1, but I think the right way to fix this is to split up the do_pam_setcred() and do_pam_session() calls, and hook the do_pam_session calls into the login/logout recording in loginrec.c (to be called from the monitor). The existing loginmsg handling would allow any messages returned by PAM to be sent to the user. This would allow per-session login recording and would all...

...h acct="<user>" exe="/usr/bin/su" hostname=? addr=? terminal=? res=success' Oct 26 11:01:06 <servername> kernel: type=1104 audit(1477494066.620:642432): pid=108548 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=PAM:setcred grantors=pam_rootok acct="<user>" exe="/usr/bin/su" hostname=? addr=? terminal=? res=success' Oct 26 11:01:11 <servername> su: (to <user>) root on none Oct 26 11:01:11 <servername> su: (to <user>) root on none Oct 26 11:01:11 <servername>...