search for: sshpam_store_conv

...e now down under there where the gremlins live. Below is a patch for this, but here's the verbal: To keep the basic limited prototyping model this code seems to be following, I moved do_pam_account() down below the definition of the function that I wanted to use for the conversation function (sshpam_store_conv()). Then, inside do_pam_account, I set PAM up with that conversation function just before it calls pam_acct_mgmt(). However, this created the side effect that any time do_pam_account() gets called, the conversation function would always get reset to sshpam_store_conv(). Although I thought this wou...

...OS: Solaris Status: NEW Severity: enhancement Priority: P5 Component: PAM support Assignee: unassigned-bugs at mindrot.org Reporter: tomas.kuthan at oracle.com Currently OpenSSH runs pam_setcred with 'fake' conversation function sshpam_store_conv. If some PAM module actually tries to converse for pam_setcred, sshpam_store_conv fails with PAM_CONV_ERR. But there are/will be real world PAM modules, that actually need to converse for pam_setcred. This bugs asks for making that possible for keyboard-interactive authentication. Allowing pam_se...

http://bugzilla.mindrot.org/show_bug.cgi?id=892 Summary: Send output from PAM account modules to user Product: Portable OpenSSH Version: -current Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=926 Jan Engelhardt <jengelh at gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jengelh at gmx.de --- Comment #33 from Jan Engelhardt <jengelh at

...und some archived email to this list with: Subject: PATCH: Public key authentication defeats passwd age warning. that sounds like it is closely related from Sep. 2004, but applying the patch found there hasn't helped my situation. I tried forcing the use of various conversation functions, (sshpam_store_conv, sshpam_tty_conv, sshpam_passwd_conv) but can't get anything to print to the users terminal. I've seen other posts which suggest that using posix_threads may work, but only if all other modules are thread-safe, and that this is not the preferred workaround. I'm running out of things t...

...nasim-ubuntu1 sshd[8569]: debug1: PAM: establishing credentials Dec 16 22:22:13 knasim-ubuntu1 sshd[8569]: debug3: PAM: opening session Dec 16 22:22:13 knasim-ubuntu1 sshd[8569]: pam_unix(sshd:session): session opened for user nasim by (uid=0) Dec 16 22:22:13 knasim-ubuntu1 sshd[8569]: debug3: PAM: sshpam_store_conv called with 1 messages Dec 16 22:22:13 knasim-ubuntu1 sshd[8569]: message repeated 2 times: [ debug3: PAM: sshpam_store_conv called with 1 messages] Dec 16 22:22:13 knasim-ubuntu1 sshd[8569]: User child is on pid 8623 Dec 16 22:22:13 knasim-ubuntu1 sshd[8623]: debug1: SELinux support disabled Dec 1...

Hi folks, I came across this issue on both stock CentOS(v6.4) and Ubuntu(14.04 LTS) and was wondering if any of you have seen it. As far as I can tell this seems like a day-1 bug to me. PROBLEM: If I expire a linux user's password (passwd -e <user>) and then log in via ssh, it will prompt you for a password change. On changing the password successfully, sshd will drop the connection

Hi All. While wandering in auth-pam.c I noticed that there's a few Portable-specific escapees from the xmalloc(foo * bar) cleanup. There's also a "probably can't happen" integer overflow in ssh-rand-helper.c with the memset: num_cmds = 64; - entcmd = xmalloc(num_cmds * sizeof(entropy_cmd_t)); + entcmd = xcalloc(num_cmds, sizeof(entropy_cmd_t));

...g1: temporarily_use_uid: 1008/999 (e=0/0) debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism debug1: restore_uid: 0/0 debug1: SELinux support enabled debug3: ssh_selinux_setup_pam_variables: setting execution context debug1: PAM: establishing credentials debug3: PAM: opening session debug3: PAM: sshpam_store_conv called with 1 messages PAM: pam_open_session(): Authentication failure debug1: PAM: establishing credentials debug1: permanently_set_uid: 1008/999 debug2: set_newkeys: mode 0 debug2: set_newkeys: mode 1 debug1: Entering interactive session for SSH2. debug2: fd 6 setting O_NONBLOCK debug2: fd 7 sett...

On 30/06/2023 09:56, Damien Miller wrote: > It's very hard to figure out what is happening here without a debug log. > > You can get one by stopping the listening sshd and running it manually > in debug mode, e.g. "/usr/sbin/sshd -ddd" Or starting one in debug mode on a different port, e.g. "-p99 -ddd"