search for: sshpam_auth_passwd

...with TCB enhanced security locks the root account. I suppose the problem could be solved at two separate levels, for SIA only in auth-sia.c, or for any password using auth method in auth-passwd.c. I'd prefer a fix just for auth-passwd.c, are there any reasons to try out auth_krb5_password, sshpam_auth_passwd or sys_auth_passwd if variable "ok" is set to zero already? Cheers, -Antti Index: auth-passwd.c =================================================================== RCS file: /openssh/openssh_cvs/auth-passwd.c,v retrieving revision 1.86 diff -u -r1.86 auth-passwd.c --- auth-passwd.c 5...

...from any other ssh code (judging from CVS as of 27.6.2004). I noticed this because the current openssh package in Debian unstable (3.8.1p1) is not calling the pam_authenticate() function at all, regardless of my configuration settings. In CVS this seems to be fixed with the recently added function sshpam_auth_passwd() in auth-pam.c. But what about sshpam_thread(), is this function unneeded now or should it be called from somewhere? Cheers, Bastian PS: Please CC me, I am not subscribed. - -- ,''`. Bastian Kleineidam . calvin (at) debian.org : :' : `. `' GnuPG Schl?ssel http://kamp...

...penssh community interested in this patch? Second, if there is interest in the patch, how do I go about submitting the patch for formal review? Third, regardless of interest by the openssh community, is there anyone willing to review this code for me? PS I've tested the code path going through sshpam_auth_passwd(), but do know how to test the code path that goes through sshpam_thread(). <patch against 4.6p1 (portable) attached> -- James R. Leu jleu at inoc.com INOC -> http://inoc.com/ DELIVERING UPTIME -------------- next part -------------- diff -uNr openssh-4.6p1/auth-pam.c openssh-4.6p1.jleu/...

Dear OpenSSH Developers, I would like to propose a patch to OpenSSH for Linux. In the recent few months, I have encountered a scenario where a PAM module used for authentication in SSH should be informed about the previous successful authentication methods. I described the complete scenario here:

...m /usr/lib/security/libpam_unix.so.1 #2 0x7ab90f40 in <unknown_procedure> + 0x1c0 () from /usr/lib/security/libpam_unix.so.1 #3 0x7ab90910 in pam_sm_authenticate+0x588 () from /usr/lib/security/libpam_unix.so.1 #4 0x7abd02ac in pam_authenticate+0xd0 () from /usr/lib/libpam.1 #5 0x26934 in sshpam_auth_passwd (authctxt=0x400118d8, password=0x73745f72 <Error reading address 0x73745f72: Bad address>) at auth-pam.c:1208 #6 0xced4 in auth_password (authctxt=0x6, password=0x72656164 <Error reading address 0x72656164: Bad address>) at auth-passwd.c:116 #7 0x20f38 in mm_answer_authpasswor...

...strings sent to the conversation function. ---- But sshpam_passwd_conv() "Assumes that echo-off prompts are for the password" and pass password as a reply. It could lead that password is exposed to a wrong consumer. Correct solution is to set AUTHTOK before pam_autheticate is called in sshpam_auth_passwd() function. Something like this: pam_set_item(sshpam_handle, PAM_AUTHTOK, password); -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.