search for: verify_response

Displaying 8 results from an estimated 8 matches for "verify_response".

2003 Jan 31
0
verify_response() patch
A non-text attachment was scrubbed... Name: auth-chall.diff Type: text/x-patch Size: 981 bytes Desc: not available Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030131/3bbba852/attachment.bin
2001 Jun 03
1
OPIE support patch
...rt */ +#undef OPIE + /* Define if you want S/Key support */ #undef SKEY diff -wur org/openssh-2.5.2p2/auth-chall.c openssh-2.5.2p2/auth-chall.c --- org/openssh-2.5.2p2/auth-chall.c Mon Mar 5 07:59:27 2001 +++ openssh-2.5.2p2/auth-chall.c Sun Jun 3 18:34:43 2001 @@ -67,7 +67,7 @@ debug("verify_response: <%s> = <%d>", response, authok); return authok != 0; } -#else +#else /* BSD_AUTH */ #ifdef SKEY #include <skey.h> @@ -88,6 +88,25 @@ skey_haskey(authctxt->pw->pw_name) == 0 && skey_passcheck(authctxt->pw->pw_name, response) != -1); } +...
2003 Mar 31
1
resource leak in ssh1 challenge-response authentication
If an ssh1 client initiates challenge-response authentication but does not submit a response to the challenge, and instead switches to some other authentication method, verify_response() will never run, and the kbdint device context will never be freed. In some cases (such as when the FreeBSD PAM authentication code is being used) this may cause a resource leak leading to a denial of service. The attached patch adds abandon_challenge_response() to auth-chall.c, and code to auth...
2005 Feb 24
3
Suggestion: SSHD pseudo/fake mode. Source available.
Hi, SSH brute force attacks seem to enjoy increasing popularity. Call me an optimist or a misrouted kind of contributer to the community, but on our company server I actually go through the logs and report extreme cases to the providers of the originating IP's. With the increasing number of these attacks, however, I have now decided that it's better to move the SSHd to a different
2006 Sep 12
1
openssh (OpenBSD) , bsdauth and tis authsrv
nuqneH, I've tried using TIS authsrv authentication via bsd auth and found it quite limited. The most important restriction it does not log ip and fqdn of the remote peer, nor the application name, to the authentication server. It does not matter much for TIS authsrv, but since other applications do provide such information, our authsrv version uses it for extra authentication restrictions.
2002 Mar 28
1
[PATCH] Feature addition: user access control per auth method
...**deny_groups; +}; + + /* * Keyboard interactive device: * init_ctx returns: non NULL upon success @@ -133,6 +147,7 @@ void auth2_challenge_stop(Authctxt *); int allowed_user(struct passwd *); +int auth_allowed_user(struct passwd *, Authaccess); char *get_challenge(Authctxt *); int verify_response(Authctxt *, const char *); Index: auth2.c =================================================================== RCS file: /cvs/openssh/auth2.c,v retrieving revision 1.91 diff -u -r1.91 auth2.c --- auth2.c 26 Feb 2002 18:09:43 -0000 1.91 +++ auth2.c 28 Mar 2002 16:44:29 -0000 @@ -51,6 +51,7 @@ #inclu...
2001 Mar 13
0
[PATCH] openssh 2.5.1p2 TIS authserv support
...hal; + + if (authctxt->pw) { + tis_chal = tis_authenticate(authctxt->tis, authctxt->pw->pw_name); + } + else { + tis_chal = tis_fake_challenge(); + } + strlcpy(challenge, tis_chal, sizeof(challenge)); + xfree(tis_chal); + + return challenge; + } + return NULL; +} + +int +verify_response(Authctxt *authctxt, char *response) +{ + int res; + + if (!authctxt->tis) { + res = 0; + } + else { + res = tis_response(authctxt->tis, response); + tis_free(authctxt->tis); + authctxt->tis = NULL; + } + return res && authctxt->valid; +} + +#elif SKEY #include <skey....
2001 Nov 20
3
problem with AFS token forwarding
Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the