search for: ssh_cmsg_auth_tis_response

...packet_put_string(prompt, prompt_len); + xfree(prompt); + packet_send(); + packet_write_wait(); + type = packet_read(&plen); + if (type == SSH_CMSG_AUTH_TIS_RESPONSE) { + debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE in PAM"); + pampasswd = packet_get_string(&dlen); + packet_integrity_check(plen, 4 + dlen, type); + } els...

Here is a patch that does TIS auth via PAM. It's controlled by a switch in the sshd_config. You'd use it by having a PAM module that sets PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs. The patch is against the 2.9.9p2 distribution. I'm not on the list, a reply if this patch is accepted would be great. (But not required, I know some folks have a distaste for

...izeof(buf)); + debug("sending challenge '%s'", buf); + packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE); + packet_put_cstring(buf); + packet_send(); + packet_write_wait(); + + /* Give the response to the PAM module */ + if ((type = packet_read(&plen)) != + SSH_CMSG_AUTH_TIS_RESPONSE) { + free(reply); + return PAM_CONV_ERR; + } + debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE"); + response = packet_get_string(&dlen); + debug("got response '%s'", response); + packet_integrity_check(plen, 4 + dlen, type); + reply[count].resp = xst...

...d(SKEY) && defined(TIS_AUTH) +#error "S/Key and TIS authentication is not supported at the same time" +#endif + /* * convert ssh auth msg type into description */ @@ -60,6 +68,10 @@ case SSH_CMSG_AUTH_KERBEROS: return "kerberos"; #endif +#ifdef TIS_AUTH + case SSH_CMSG_AUTH_TIS_RESPONSE: + return "tis"; +#endif #ifdef SKEY case SSH_CMSG_AUTH_TIS_RESPONSE: return "s/key"; @@ -91,6 +103,9 @@ unsigned int ulen; int type = 0; void (*authlog) (const char *fmt,...) = verbose; +#ifdef TIS_AUTH + struct tis_context *tis = NULL; +#endif /* Indicate that...

...askpass(askpass, + "Permission denied, please try again:"); + else + response = ssh_askpass(askpass, buf); + } else { + if (i != 0) + error("Permission denied, please try again."); + response = read_passphrase("Response: ", 0); + } packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); packet_put_string(response, strlen(response)); memset(response, 0, strlen(response)); @@ -657,14 +687,31 @@ { int type, i, payload_len; char *password; + int interactive = isatty(STDIN_FILENO); + char *askpass = NULL; debug("Doing password authentication."); if (options...

...const char * askpass; + if ((askpass = getenv(SSH_ASKPASS_ENV))) + response = ssh_askpass(askpass, "Response: "); + else + response = ssh_askpass(SSH_ASKPASS_DEFAULT, "Response: "); + } else + response = read_passphrase("Response: ", 0); packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); packet_put_string(response, strlen(response)); memset(response, 0, strlen(response)); @@ -954,7 +971,14 @@ for (i = 0; i < options.number_of_password_prompts; i++) { if (i != 0) error("Permission denied, please try again."); - password = read_passphrase(prompt, 0); +...

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

...uot;SNK response is %s", response); + } else { snprintf(prompt, sizeof prompt, "%s%s", challenge, strchr(challenge, '\n') ? "" : "\nResponse: "); xfree(challenge); @@ -657,6 +709,7 @@ xfree(response); break; } + } packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); ssh_put_password(response); memset(response, 0, strlen(response));