search for: xsso

>Neither the Sun PAM documentation nor the Linux-PAM documentation >describe the semantics of PAM_REINITIALIZE_CREDS in any useful detail. I would agree it is vague, but then that is also a problem with the XSSO document (http://www.opengroup.org/onlinepubs/008329799/) >Could we please have a clarification on the semantics of >PAM_CRED_ESTABLISH vs. the semantics of PAM_REINITIALIZE_CREDS? My interpretation is: You call PAM_ESTABLISH_CRED to create them You call PAM_REINITIALIZE_CRED to update cre...

...ros ticket. Oops. I meant PAM_REFRESH_CRED >PAM_RENEW_CREDS is there for credential renewal (i.e., ticket renewal, >in the Kerberos case). That's clear from its name. It is called PAM_REFRESH_CRED. >PAM_REINITIALIZE_CREDS is, well, completely undocumented (I'll recheck >the XSSO docs). The OpenSSH interpretation is clear. Agreed and it is very ambiquous. I think it is quite easy to make the assumption that ESTABLISH and REINITIALIZE care synonymous but both are different from REFRESH. >And, IMO, as I think about it, the OpenSSH interpretation makes plenty >of sens...

Hi All,

...> > standard on linux and solaris). I've never heard of PAM_NTdom, > > but you can find PAM docs on the Sun support site, as well as in > > your linux /usr/doc tree. > > This is by no means the case. PAM is originally the work of Sun > Microsystems, and there is an XSSO spec; it was only a couple of > years ago that RedHat became the first Linux distro to support it by > means of the Linux-PAM package. Since then, several other distros > have moved toward accepting it, but I don't know that any of them > recommend, let alone enforce, the use of PA...

https://bugzilla.mindrot.org/show_bug.cgi?id=1534 Summary: openssh calls pam functions in the wrong order on logout Product: Portable OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo:

http://bugzilla.mindrot.org/show_bug.cgi?id=117 ------- Additional Comments From djm at mindrot.org 2002-02-15 10:10 ------- > OpenSSH traditionally would not even start PAM, and > now starts it specifying 'NOUSER' as the login name. We have always used NOUSER, the recent patch just makes it consistent between protocols 1 and 2. > The second is to prevent username guessing

Okay, I'm confused again. They way you guys are talking about the conversation routine, it would seem that you think it is a way to fetch something from the user - like a new password. Is this possible? Does calling pam_chauthtok() cause the underlying pam_sm_chauthtok() eventually print something on stdout and read a new password from stdin (the socket to the client) using the conversation

https://bugzilla.mindrot.org/show_bug.cgi?id=1681 Summary: conversation function for passwd auth method assumes instead of fail Product: Portable OpenSSH Version: 5.3p1 Platform: All OS/Version: All Status: NEW Severity: major Priority: P2 Component: PAM support AssignedTo:

Hey, so i finally got it working thanks to your list (found the right place for EnablePlainTextPassword here, the existing 3-4 matches in the default registry don't seem to do a thing). It was all brilliant. I got connected to all my 4 samba servers. I was happy... 'til the next boot (you know, during installation of system, boots happen). Now it connects to 3 sambas (1 on FreeBSD, 1 on