search for: vintela

I'm wondering if anyone on the Samba mailing list has seen this problem with Vintela VAS and Samba. ---------- The problem I am having is that Vintela VAS knows about the groups in AD but Samba only seems to recognize a user's primary group in AD. So, if I chgrp a file or directory in Solaris to anything other than a user's primary group and share it out via samba, a us...

...Product: Portable OpenSSH Version: -current Platform: HPPA OS/Version: HP-UX Status: NEW Severity: major Priority: P2 Component: Build system AssignedTo: bitbucket at mindrot.org ReportedBy: dleonard at vintela.com The autoconf.ac test for a broken vsnprintf sets BROKEN_SNPRINTF instead of BROKEN_VSNPRINTF. This causes breakage on HP-UX 11.00, because the (otherwise usable) snprintf prototype in stdio.h doesn't agree with the replacement provided by OpenSSH. Output from openssh-SNAP-20051213's...

...ps on PAM Product: Portable OpenSSH Version: 3.9p1 Platform: All OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: dleonard at vintela.com The early call to setpcred() in do_setusercontext() seems to drop the euid to the user's uid on AIX5.1. This stops the future call to initgroups() from working if setpcred() doesn't get the supplementary group list right. Which it doesn't with PAM. The symptoms are a 'success...

...GSSAPI names Product: Portable OpenSSH Version: 4.1p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy: dleonard at vintela.com ssh_gssapi_import_name() passes a string through a GSSAPI buffer that is one byte too long. This seems to occasionally cause problems, like spurious garbage characters appearing at the end of realms. ------- Additional Comments From dleonard at vintela.com 2005-08-08 23:33 ------- Created a...

...Product: Portable OpenSSH Version: 4.3p2 Platform: Other OS/Version: All Status: NEW Severity: trivial Priority: P2 Component: Miscellaneous AssignedTo: bitbucket at mindrot.org ReportedBy: dleonard at vintela.com a minor nit-pick; a comment in the sample ssh_config mispells GSSAPIDelegateCredentials as DelegatCredentials ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...icate Product: Portable OpenSSH Version: 4.3p2 Platform: Other OS/Version: AIX Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: dleonard at vintela.com keyboard-interactive is currently only supported for PAM. AIX's authenticate() function is only used by the 'none' and 'password' methods and is pretty horrid (see bug 908). This is an enhancement bug to provide a kbd-int device for AIX authentication. ------- You ar...

...ropped privs Product: Portable OpenSSH Version: 4.4p1 Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: dleonard at vintela.com pam_open_session() is being called with euid/uid set to the authenticated user (instead of root) It seems that do_setusercontext() calls setpcred() early, but setpcred() has the effect of setting uid/euid to the authenticated user. This can't be undone, and the subsequent calls to do_pam...

Hello all, I'm gearing up for an RPM deployment of 4.2p1 on SuSE (SLES 9). However, the files under contrib/suse in the OpenSSH distribution appear to be out-of-date. In particular, SuSE seems to handle init scripts quite differently now. So, is anyone building local RPMs for SuSE? If so, could you post the .spec file you are using? Is there any interest in updating the contrib/suse

...} You have new mail in /var/spool/mail/sellswor sellswor at sethe:~/tmp/2/openssh-5.5p1> Thoughts? Am I approaching this wrong, and this shows a mis-configured machine? ( happens on multiple machines, all default setups connected to IPV4 networks ). --- Seth Ellsworth Vintela Development The people and products of Vintela are now a part of Quest Software. Read the press release<dhtmled5://exchweb/bin/redir.asp?URL=http://www.quest.com/news/show.asp?ContentId=1826%26ContentTypeId=2%26site=> to learn more.

http://bugzilla.mindrot.org/show_bug.cgi?id=1028 ------- Additional Comments From dtucker at zip.com.au 2005-07-14 13:57 ------- Does the attached patch fix the issue you're seeing? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...Product: Portable OpenSSH Version: v4.5p1 Platform: Other OS/Version: Linux Status: NEW Severity: minor Priority: P2 Component: Miscellaneous AssignedTo: bitbucket at mindrot.org ReportedBy: dleonard at vintela.com contrib/findssl.sh is very handy, but assumes that 'which' is always available, which it isn't. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

Good evening- I am a systems engineer with BAE Systems and am looking to solve a Single Sign-On and file access issue using Vintela Authentication Services (VAS) and Samba. This is to be accomplished on Solaris 9 (0904) workstations and function within an Active Directory environment (e.g. Windows Server 2003). VAS is currently advertising that the capability exists to integrate Samba with Active Directory and Kerberos in a wa...

>What are you actually using for authentication ? We are using Quest Authentication Services (formerly Vintela Authentication Services), which is a Kerberos/LDAP/Active Directory client for UNIX & Linux. Authentication and Identity Mapping appears to work correctly, I can log on and see my uid/gid/correct groups list with SSH and group-based access for files and directories appears to work correctly th...

Hello all, I am doing some tests for an SSO for our Windows workstations using Kerberos without ADS. So far, Windows client can obtain the ticket from the Heimdal KDC and it's possible to login to SSH servers using Vintela Putty. I am now trying to use the Kerberos credentials to access Samba shares. I can mount the shares using my Kerberos tickets from a Linux and I see the service ticket for cifs/FQDN but it doesn't work from Windows. When connecting to a share I can see that the negotiation phase offers K...

I''m guessing this is a common use case, but I wasn''t able to find anything in the site FAQ. We''re looking at using Puppet on about 100 servers to control which user groups have access to which servers. The use case is as follows: We have Groups of servers, for example: CUSTOMERservers (serverA, serverB, ...,serverK) ADMINISTRATIVEservers

...s Product: Portable OpenSSH Version: 4.0p1 Platform: All OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-bugs at mindrot.org ReportedBy: dleonard at vintela.com The post-install script of the AIX install uses something like 'lsusers ALL | grep ssh' to see if the privsep user has been created. The trouble is that invoking 'lsusers ALL' takes TWO HOURS to complete at a particular site with thousands of users! The simple fix to contrib...

http://bugzilla.mindrot.org/show_bug.cgi?id=1028 dleonard at vintela.com changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|sshd does not forward non- |sshd does not forward final |query conversations to |non-query conversations to...

http://bugzilla.mindrot.org/show_bug.cgi?id=1008 ------- Additional Comments From dleonard at vintela.com 2005-06-08 22:16 ------- a workaround at http://blog.macnews.de/unspecific/stories/4581/ ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...usernames Product: Portable OpenSSH Version: 4.2p1 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: dleonard at vintela.com A feature of gssapi-with-mic authentication is that the username can be empty as the server should be able to figure out what username to use from the established credentials. 3.2 [...] "The user name may be an empty string if it can be deduced from the results of the GSSAPI authe...

...Product: Portable OpenSSH Version: v4.5p1 Platform: Other OS/Version: All Status: NEW Severity: trivial Priority: P2 Component: Documentation AssignedTo: bitbucket at mindrot.org ReportedBy: dleonard at vintela.com The -h option is not itemizd .Fl h Display a summary of options. The ".Fl h" needs to become ".It Fl h" Also, the word "Random" after .Nd should be all lowercase to be consistent with the other manual pages. ------- You are receiving this mail because:...