search for: sshd_pam_service

Displaying 15 results from an estimated 15 matches for "sshd_pam_service".

2002 Dec 05
1
patch to add a PAMServiceName config option
I append a patch against openssh-3.5p1.tar.gz which adds a config option PAMServiceName. The option allows one to specify the PAM service at runtime in the config file rather than using __progname or having it hardwired to SSHD_PAM_SERVICE at compile time. I expect this to be useful if one wants to run multiple instances of sshd using different PAM configurations. With this patch SSHD_PAM_SERVICE is not used in auth-pam.c so I moved the definition out of auth-pam.h into servconf.h. Effectively SSHD_PAM_SERVICE now merely supplies...
2002 Nov 24
1
[PATCH] PamServiceNameAppend
...e server, and would like to use /etc/pam.d/ssh_remote as the pam config-file for the second instance of sshd and continue to use /etc/pam.d/ssh for the first one. It comes down to change the "service_name" parameter of pam_start() for the second daemon. I had a look in the source and SSHD_PAM_SERVICE is a constant. I could of course recompile with -DSSHD_PAM_SERVICE= "ssh_remote" but I would have to have two sets of binaries : One sshd and another sshd_remote. Not really easy. :-( Attached is a patch that allows me to do this in the config file by appending a strin...
2001 Feb 22
5
PAM Service Name Patch
...#define NEW_AUTHTOK_MSG \ diff -urN openssh-2.5.1p1-orig/ssh.h openssh-2.5.1p1/ssh.h --- openssh-2.5.1p1-orig/ssh.h Mon Feb 5 09:43:59 2001 +++ openssh-2.5.1p1/ssh.h Thu Feb 22 10:50:20 2001 @@ -61,7 +61,7 @@ #define SSH_SERVICE_NAME "ssh" #if defined(USE_PAM) && !defined(SSHD_PAM_SERVICE) -# define SSHD_PAM_SERVICE "sshd" +# define SSHD_PAM_SERVICE __progname #endif /*
2003 Jun 11
2
[Patch] PAM Service name option
It's sometimes desired to be able to alter login policy depending upon how the person was connecting for the ssh server. For example you might want different rules on the internal and external interface of a gateway. In another setup you might want an sshd with a different login policy running on a different port - and setup different firewalling rules (for example). I have implemented such
2004 Jun 23
3
[PATCH] make pam service a settable option
This patch adds a config file option 'PAMService' that sets the PAM service sshd will use. It should leave the current behavior unchanged if PAMService is not set in the config file (i.e. use __progname for the service or SSHD_PAM_SERVICE if it's set at compile time). The patch is against the current portability release in CVS. Why would you want something like this? I have a machine at work that I use as an SSH bastion. It runs a "normal" ssh daemon that allows root logins, etc that I use for management, and a second...
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
...nge_required) { + pamstate = OTHER; + do { + pam_retval = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); + } while (pam_retval != PAM_SUCCESS); } } @@ -238,12 +291,11 @@ debug("Starting up PAM with username \"%.200s\"", pw->pw_name); - pam_retval = pam_start(SSHD_PAM_SERVICE, pw->pw_name, &conv, - (pam_handle_t**)&pamh); + pam_retval = pam_start(SSHD_PAM_SERVICE, pw->pw_name, &conv, &pamh); if (pam_retval != PAM_SUCCESS) { fatal("PAM initialisation failed: %.200s", - PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); + PAM_ST...
2000 Aug 27
0
patch for TIS (skey/opie) *and* passwd auth via PAM
...t */ +static void start_pam2(struct passwd *pw, int auth_type) +{ int pam_retval; + const char *service=NULL; - debug("Starting up PAM with username \"%.200s\"", pw->pw_name); + switch (auth_type) { + case SSH_CMSG_AUTH_PASSWORD : + service=SSHD_PAM_SERVICE; + break; + case SSH_CMSG_AUTH_TIS : + service=SSHD_PAM_TIS_SERVICE; + break; + default: + fatal("PAM attempted for unsupported authentication type\n"); + } + + current_auth_type=auth_type; + + debug("Sta...
2005 May 16
4
[Bug 1041] Allow the admin to specify PAM service name
http://bugzilla.mindrot.org/show_bug.cgi?id=1041 Summary: Allow the admin to specify PAM service name Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: PAM support AssignedTo: bitbucket at mindrot.org
2007 Aug 18
1
PAM service used by OpenSSH on Solaris?
Hello. Which pam service is sshd using on Solaris? Is it sshd? Thanks, Alexander Skwar -- Message from Our Sponsor on ttyTV at 13:58 ...
2002 Dec 21
6
[PATCH] PAM chauthtok + Privsep
....h,v retrieving revision 1.16 diff -u -r1.16 auth-pam.h --- auth-pam.h 23 Jul 2002 00:44:07 -0000 1.16 +++ auth-pam.h 21 Dec 2002 11:39:05 -0000 @@ -25,6 +25,8 @@ */ #include "includes.h" +#include "channels.h" +#include "session.h" #ifdef USE_PAM #if !defined(SSHD_PAM_SERVICE) Index: monitor.c =================================================================== RCS file: /cvs/openssh/monitor.c,v retrieving revision 1.33 diff -u -r1.33 monitor.c --- monitor.c 9 Nov 2002 15:47:49 -0000 1.33 +++ monitor.c 21 Dec 2002 11:39:06 -0000 @@ -118,6 +118,7 @@ #ifdef USE_PAM int...
2002 Dec 10
5
[PATCH] Password expiry with Privsep and PAM
...v retrieving revision 1.16 diff -u -u -r1.16 auth-pam.h --- auth-pam.h 23 Jul 2002 00:44:07 -0000 1.16 +++ auth-pam.h 10 Dec 2002 12:34:10 -0000 @@ -25,6 +25,8 @@ */ #include "includes.h" +#include "channels.h" +#include "session.h" #ifdef USE_PAM #if !defined(SSHD_PAM_SERVICE) Index: monitor.c =================================================================== RCS file: /cvs/openssh/monitor.c,v retrieving revision 1.33 diff -u -u -r1.33 monitor.c --- monitor.c 9 Nov 2002 15:47:49 -0000 1.33 +++ monitor.c 10 Dec 2002 12:34:11 -0000 @@ -118,6 +118,7 @@ #ifdef USE_PAM...
2003 Oct 29
4
Fix for USE_POSIX_THREADS in auth-pam.c
...AM_SUCCESS && strcmp(user, pam_user) == 0) return (0); - pam_end(sshpam_handle, sshpam_err); - sshpam_handle = NULL; + pam_end(grab_pamh(0, NULL), sshpam_err); + grab_pamh(1, NULL); } debug("PAM: initializing for \"%s\"", user); sshpam_err = - pam_start(SSHD_PAM_SERVICE, user, &null_conv, &sshpam_handle); + pam_start(SSHD_PAM_SERVICE, user, &null_conv, &sshpam_handle_holder); + grab_pamh(1, sshpam_handle_holder); if (sshpam_err != PAM_SUCCESS) { - pam_end(sshpam_handle, sshpam_err); - sshpam_handle = NULL; + pam_end(grab_pamh(0, NULL), ssh...
2000 Aug 24
0
patch for a few things
...ons are added at the bottom, they'll be in user section rather than the server section. - on startup, have sshd log the PAM service it's going to recognize. I had a situation with machines using different strings (sometimes the default "sshd", sometimes compiled with -DSSHD_PAM_SERVICE="ssh"), and I couldn't tell which the particular binary was looking for. Doing a 'strings' on the binary didn't help. :) So, I added a message to log this on startup, when compiled with PAM support. - in auth-pam.c:pamconv(), add support for PAM_ERROR_MSG. Al...
2002 Jul 02
3
New PAM kbd-int diff
...} - packet_send(); - packet_write_wait(); + free(*resp); + *resp = NULL; + return (PAM_CONV_ERR); +} +/* + * Child process. + */ +static void * +sshpam_child(struct sshpam_ctxt *ctxt) +{ + struct pam_conv conv = { sshpam_child_conv, ctxt }; + pam_handle_t *sshpamh; + int err; + + err = pam_start(SSHD_PAM_SERVICE, ctxt->user, &conv, &sshpamh); + if (err != PAM_SUCCESS) + goto auth_fail; + err = pam_authenticate(sshpamh, 0); + if (err != PAM_SUCCESS) + goto auth_fail; + err = pam_acct_mgmt(sshpamh, 0); + if (err != PAM_SUCCESS) + goto auth_fail; +#if 0 /* - * Grabbing control of execution an...
2002 Jun 25
4
PAM kbd-int with privsep
...} - packet_send(); - packet_write_wait(); + free(*resp); + *resp = NULL; + return (PAM_CONV_ERR); +} +/* + * Child process. + */ +static void * +sshpam_child(struct sshpam_ctxt *ctxt) +{ + struct pam_conv conv = { sshpam_child_conv, ctxt }; + pam_handle_t *sshpamh; + int err; + + err = pam_start(SSHD_PAM_SERVICE, ctxt->user, &conv, &sshpamh); + if (err != PAM_SUCCESS) + goto auth_fail; + err = pam_authenticate(sshpamh, 0); + if (err != PAM_SUCCESS) + goto auth_fail; + err = pam_acct_mgmt(sshpamh, 0); + if (err != PAM_SUCCESS) + goto auth_fail; +#if 0 /* - * Grabbing control of execution an...