search for: ssh_cmsg_auth_ti

...malloc(num_msg * sizeof(*reply)); @@ -70,13 +75,58 @@ for(count = 0; count < num_msg; count++) { switch (msg[count]->msg_style) { case PAM_PROMPT_ECHO_OFF: - if (pampasswd == NULL) { - free(reply); - return PAM_CONV_ERR; + if (current_auth_type==SSH_CMSG_AUTH_TIS && pampasswd==NULL) { + /* TIS */ + int prompt_len; + char *prompt; + debug("send SSH_SMSG_AUTH_TIS_CHALLENGE in PAM"); + /*...

...d(SKEY) && defined(TIS_AUTH) +#error "S/Key and TIS authentication is not supported at the same time" +#endif + /* * convert ssh auth msg type into description */ @@ -60,6 +68,10 @@ case SSH_CMSG_AUTH_KERBEROS: return "kerberos"; #endif +#ifdef TIS_AUTH + case SSH_CMSG_AUTH_TIS_RESPONSE: + return "tis"; +#endif #ifdef SKEY case SSH_CMSG_AUTH_TIS_RESPONSE: return "s/key"; @@ -91,6 +103,9 @@ unsigned int ulen; int type = 0; void (*authlog) (const char *fmt,...) = verbose; +#ifdef TIS_AUTH + struct tis_context *tis = NULL; +#endif /* Ind...

http://bugzilla.mindrot.org/show_bug.cgi?id=165 ------- Additional Comments From markus at openbsd.org 2002-03-17 04:31 ------- never seen this. what does sshd -ddd say? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

Here is a patch that does TIS auth via PAM. It's controlled by a switch in the sshd_config. You'd use it by having a PAM module that sets PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs. The patch is against the 2.9.9p2 distribution. I'm not on the list, a reply if this patch is accepted would be great. (But not required, I know some folks have a distaste for

...izeof(buf)); + debug("sending challenge '%s'", buf); + packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE); + packet_put_cstring(buf); + packet_send(); + packet_write_wait(); + + /* Give the response to the PAM module */ + if ((type = packet_read(&plen)) != + SSH_CMSG_AUTH_TIS_RESPONSE) { + free(reply); + return PAM_CONV_ERR; + } + debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE"); + response = packet_get_string(&dlen); + debug("got response '%s'", response); + packet_integrity_check(plen, 4 + dlen, type); + reply[count]....

...so s/key kicks in automatically, and ssh_config also has s/key authentication enabled) Sshd dies. Debug output shows: ... debug1: Received session key; encryption turned on. debug1: Installing crc compensation attack detector. debug1: Attempting authentication for illegal user blah. debug1: rcvd SSH_CMSG_AUTH_TIS debug1: generating fake skeyinfo for blah. Segmentation fault (core dumped) [root at x openssh-2.3.0p1]# Funny enough, core file is created in the root (/core) - I am not sure if that is 'expected' behavior - never had sshd crash before :) gdb output shows: (gdb) where #0 0x400ae0d6 in...

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the