Displaying 20 results from an estimated 122 matches for "use_pam".
2000 Oct 07
0
OpenSSH changes for BSD/OS
...e <bsd_auth.h>
+ static char *bsduser=NULL; /* XXX -- ugly, but we need the original */
+ #endif
+
/* import */
extern ServerOptions options;
extern char *forced_command;
***************
*** 315,321 ****
NULL, password) == SIASUCCESS) {
authenticated = 1;
}
! #else /* !USE_PAM && !HAVE_OSF_SIA */
/* Try authentication with the password. */
authenticated = auth_password(pw, password);
#endif /* USE_PAM */
--- 321,330 ----
NULL, password) == SIASUCCESS) {
authenticated = 1;
}
! #elif defined(HAVE_BSD_AUTH)
! authenticated = auth_user...
2001 Feb 16
1
OpenSSH 2.3.0p1 port to BSDI BSD/OS
...in_cap.h>
+# include <bsd_auth.h>
+static char *bsduser=NULL; /* XXX -- ugly, but we need the original */
+#endif
+
/* import */
extern ServerOptions options;
extern char *forced_command;
@@ -258,7 +264,10 @@
NULL, password) == SIASUCCESS) {
authenticated = 1;
}
-#else /* !USE_PAM && !HAVE_OSF_SIA */
+#elif defined(HAVE_BSD_AUTH_H)
+ authenticated = auth_userokay(bsduser, NULL,
+ "auth-ssh", password);
+#else /* !USE_PAM && !HAVE_OSF_SIA && !HAVE_BSD_AUTH_H */
/* Try authentication with the password. */
authenticated = auth_...
2000 Oct 15
1
Patch for Digital Unix SIA authentication
..._SIA)
/* Do SIA auth with password */
- if (sia_validate_user(NULL, saved_argc, saved_argv,
- get_canonical_hostname(), pw->pw_name, NULL, 0,
- NULL, password) == SIASUCCESS) {
- authenticated = 1;
- }
+ authenticated = auth_sia_password(pw->pw_name, password);
#else /* !USE_PAM && !HAVE_OSF_SIA */
/* Try authentication with the password. */
authenticated = auth_password(pw, password);
@@ -508,9 +495,7 @@
#ifdef USE_PAM
auth_pam_password(pw, "")) {
#elif defined(HAVE_OSF_SIA)
- (sia_validate_user(NULL, saved_argc, saved_argv,
- ge...
2002 Feb 12
1
openssh + pam errors (fwd)
...-unix-dev at mindrot.org
Damien Miller maintains the OpenSSH-portable tree, he'll know what to
do with it...
-d.
---
http://www.monkey.org/~dugsong/
--- old/session.c Sat Dec 1 18:37:08 2001
+++ session.c Tue Feb 12 00:03:37 2002
@@ -437,7 +437,6 @@
session_proctitle(s);
#if defined(USE_PAM)
- do_pam_session(s->pw->pw_name, NULL);
do_pam_setcred(1);
if (is_pam_password_change_required())
packet_disconnect("Password change required but no "
@@ -494,6 +493,9 @@
#endif /* USE_PIPES */
/* Do processing for the child (exec command etc). */
+#if defined(USE_PAM)...
2003 Sep 25
2
unexpected change in "locked account" behaviour
...sed authentication.
The affected accounts were those with "*LK*" in the shadow file's
password field (and my actual problem was that I had "*LK*" where I
should have had "NP").
I believe the reason for the behaviour change is the change of the
default for options.use_pam. The reason I find this particularly
strange is that USE_PAM is not even #defined (e.g., UsePam cannot be
specified in sshd_config).
The code which is being affected by the
change is in auth.c:
| /* check for locked account */
| if (!options.use_pam && passwd && *...
2002 Dec 21
6
[PATCH] PAM chauthtok + Privsep
...e: /cvs/openssh/auth-pam.h,v
retrieving revision 1.16
diff -u -r1.16 auth-pam.h
--- auth-pam.h 23 Jul 2002 00:44:07 -0000 1.16
+++ auth-pam.h 21 Dec 2002 11:39:05 -0000
@@ -25,6 +25,8 @@
*/
#include "includes.h"
+#include "channels.h"
+#include "session.h"
#ifdef USE_PAM
#if !defined(SSHD_PAM_SERVICE)
Index: monitor.c
===================================================================
RCS file: /cvs/openssh/monitor.c,v
retrieving revision 1.33
diff -u -r1.33 monitor.c
--- monitor.c 9 Nov 2002 15:47:49 -0000 1.33
+++ monitor.c 21 Dec 2002 11:39:06 -0000
@@ -118,6...
2002 Mar 27
0
[Bug 192] New: monitor.c:545: undefined reference to `auth_password with USE_PAM on
http://bugzilla.mindrot.org/show_bug.cgi?id=192
Summary: monitor.c:545: undefined reference to `auth_password
with USE_PAM on
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: kent at l...
2003 Aug 24
12
[Bug 423] Workaround for pw change in privsep mode (3.5.p1)
http://bugzilla.mindrot.org/show_bug.cgi?id=423
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
OtherBugsDependingO| |627
nThis| |
Status|NEW |ASSIGNED
------- Additional
2001 Feb 12
2
OSF_SIA bug in 2.3.0p1
...ect as a non-existant user.
>From auth1.c line 459
#elif defined(HAVE_OSF_SIA)
(sia_validate_user(NULL, saved_argc, saved_argv,
get_canonical_hostname(), pw->pw_name, NULL, 0,
NULL, "") == SIASUCCESS)) {
#else /* !HAVE_OSF_SIA && !USE_PAM */
At this stage pw could be NULL so obviously pw->pw_name isn't a valid
thing to do. Should this just be 'user'? I'm not even 100% sure of the
validity of passing NULL as collect function (acceptable in 4.0g manpage,
not mentioned in 4.0d manpage).
- Mike
--------------...
2001 Feb 22
0
Solaris and Latest snapshot (2001-02-21) (fwd)
...==================================
> RCS file: /var/cvs/openssh/session.c,v
> retrieving revision 1.80
> diff -u -r1.80 session.c
> --- session.c 2001/02/21 05:53:33 1.80
> +++ session.c 2001/02/21 16:28:40
> @@ -481,6 +481,10 @@
>
> session_proctitle(s);
>
> +#ifdef USE_PAM
> + do_pam_setcred();
> +#endif /* USE_PAM */
> +
> /* Fork the child. */
> if ((pid = fork()) == 0) {
> /* Child. Reinitialize the log since the pid has changed. */
> @@ -593,6 +597,11 @@
> ptyfd = s->ptyfd;
> ttyfd = s->ttyfd;
>
> +#ifdef USE_PAM...
2002 Mar 27
0
[Bug 191] New: compilation faills in auth1.c:392 `pw' undeclared when USE_PAM is on
http://bugzilla.mindrot.org/show_bug.cgi?id=191
Summary: compilation faills in auth1.c:392 `pw' undeclared when
USE_PAM is on
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: critical
Priority: P2
Component: Miscellaneous
AssignedTo: openssh-unix-dev at mindrot.org
Report...
2002 Mar 27
2
[Bug 191] compilation faills in auth1.c:392 `pw' undeclared when USE_PAM is on
http://bugzilla.mindrot.org/show_bug.cgi?id=191
mouring at eviladmin.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WORKSFORME
------- Additional Comments From mouring at eviladmin.org
2002 Mar 27
3
[Bug 192] monitor.c:545: undefined reference to `auth_password with USE_PAM on
...tion it should look something like this
(untested, and unsure if any other PAM tweaks are needed), but I won't commit
anything until someone says ya or na for it being correct.
passwd = buffer_get_string(m, &plen);
/* Only authenticate if the context is valid */
+#ifdef USE_PAM
+ /* Do PAM auth with password */
+ authenticated = authctxt->valid && auth_pam_password
+ (authctxt>pw,passwd);
+#else
authenticated = authctxt->valid && auth_password(authctxt, passwd);
+#endif
memset(passwd, 0, strlen(passwd));...
2017 Jan 04
2
[PATCH] Set KRB5PRINCIPAL in user environment
...gss-serv-krb5.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
index 795992d9..a12bb244 100644
--- a/gss-serv-krb5.c
+++ b/gss-serv-krb5.c
@@ -106,6 +106,11 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name)
} else
retval = 0;
+#ifdef USE_PAM
+ if (options.use_pam)
+ do_pam_putenv("KRB5PRINCIPAL", (char *)client->displayname.value);
+#endif
+
krb5_free_principal(krb_context, princ);
return retval;
}
--
2.11.0
2001 Oct 09
1
TISviaPAM patch
Here is a patch that does TIS auth via PAM. It's controlled by a switch
in the sshd_config. You'd use it by having a PAM module that sets
PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs.
The patch is against the 2.9.9p2 distribution.
I'm not on the list, a reply if this patch is accepted would be great.
(But not required, I know some folks have a distaste for
2002 Nov 20
0
[PATCH #9] Password expiration via /bin/passwd.
...-r1.48 auth-passwd.c
--- auth-passwd.c 25 Sep 2002 23:14:16 -0000 1.48
+++ auth-passwd.c 20 Nov 2002 13:12:13 -0000
@@ -42,6 +42,8 @@
#include "log.h"
#include "servconf.h"
#include "auth.h"
+#include "buffer.h"
+#include "misc.h"
#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
/* Don't need any of these headers for the PAM or SIA cases */
@@ -81,8 +83,10 @@
#endif /* !USE_PAM && !HAVE_OSF_SIA */
extern ServerOptions options;
+extern Buffer login_message;
+extern int password_change_required;
#ifdef WITH_AIXAUTHENTICATE...
2002 Feb 15
0
[Bug 118] New: Implement TIS (protocol 1) via PAM
...This also fixes a bug in the current TIS handling, it turns echo on
when doing TIS.
diff -uNr openssh-3.0.2p1.orig/auth-pam.c openssh-3.0.2p1/auth-pam.c
--- openssh-3.0.2p1.orig/auth-pam.c Fri Nov 9 12:22:17 2001
+++ openssh-3.0.2p1/auth-pam.c Fri Feb 15 02:17:19 2002
@@ -26,6 +26,8 @@
#ifdef USE_PAM
#include "ssh.h"
+#include "ssh1.h"
+#include "packet.h"
#include "xmalloc.h"
#include "log.h"
#include "auth-pam.h"
@@ -54,6 +56,8 @@
/* states for do_pam_conversation() */
enum { INITIAL_LOGIN, OTHER } pamstate = INITIAL_LOGIN;
+...
2001 Jan 20
1
/etc/nologin and Solaris PAM bug
...ng SunOS 5.7, and
while I was testing it to make sure everything was working properly, I
noticed that when I used PAM to authenticate, rather than /bin/login, sshd
was not honoring /etc/nologin.
I took a real quick look through the source code and found this at line
1022 of session.c:
#ifndef USE_PAM /* pam_nologin handles this */
if (!options.use_login) {
Now that seems like it's probably the right way to handle /etc/nologin
under PAM authenticated linux systems, however there's one problem: Sun
doesn't ship SunOS with a pam_nologin.so module. pam_unix.so authenticates...
2006 Apr 27
0
bug in OpenSSH_4.3p2: pam_open_session() called but not close for root users
...and
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=150968
possible patch for first solution:
Index: session.c
===================================================================
--- session.c (revision 15)
+++ session.c (working copy)
@@ -394,8 +394,10 @@
session_proctitle(s);
#if defined(USE_PAM)
- if (options.use_pam && !use_privsep)
+ if (options.use_pam && !use_privsep) {
+ do_pam_session();
do_pam_setcred(1);
+ }
#endif /* USE_PAM */
/* Fork the child. */
@@ -531,8 +533,10 @@
#if defined(USE_PAM)
if (options.use_pam) {
do_pam_set_tty(s->tty);
- if (!u...
2001 Sep 06
1
lastlog on Solaris with PAM (patch included)
...th PAM. See comments for details.
diff -ur openssh-2.9p2.dist/session.c openssh-2.9p2/session.c
Index: openssh-2.9p2/session.c
--- openssh-2.9p2.dist/session.c Sat Jun 16 23:40:51 2001
+++ openssh-2.9p2/session.c Thu Sep 6 11:48:04 2001
@@ -456,10 +456,6 @@
session_proctitle(s);
-#if defined(USE_PAM)
- do_pam_setcred(1);
-#endif /* USE_PAM */
-
/* Fork the child. */
if ((pid = fork()) == 0) {
/* Child. Reinitialize the log since the pid has changed. */
@@ -509,6 +505,13 @@
perror("dup2 stderr");
#endif /* USE_PIPES */
+#if defined(USE_PAM)
+ /* pam_setcred might print...