similar to: [Bug 698] fixed bug in calling pam_setcred

Hello All, I have run into a situation where a user exiting from a PAM_KERBEROS-authenticated session runs the risk of deleting a kinit-generated credentials file that was already sitting on the server. I will explain the problem in detail, but let me begin with my question. It has a specific reference to PAM_KERBEROS, but it can also be a general question. If a user (ssh) session was

http://bugzilla.mindrot.org/show_bug.cgi?id=529 postadal at suse.cz changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | ------- Additional Comments From postadal at suse.cz 2004-02-24 21:28 -------

https://bugzilla.mindrot.org/show_bug.cgi?id=2549 Bug ID: 2549 Summary: [PATCH] Allow PAM conversation for pam_setcred for keyboard-interactive authentication Product: Portable OpenSSH Version: 7.1p2 Hardware: Sparc OS: Solaris Status: NEW Severity: enhancement Priority: P5

http://bugzilla.mindrot.org/show_bug.cgi?id=698 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |793 nThis| | Summary|Specify FILE: for credential|Specify FILE: for KRB5CCNAME

http://bugzilla.mindrot.org/show_bug.cgi?id=189 Summary: pam_setcred() failures should not be treated as fatal Product: Portable OpenSSH Version: 3.1p1 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2399 Bug ID: 2399 Summary: openssh server should fatal out when pam_setcred and pam_open_session fail Product: Portable OpenSSH Version: 6.8p1 Hardware: Sparc OS: Solaris Status: NEW Severity: normal Priority: P5

Hi, I search in archive list if there any reason why is removed in openssh newer than 2.9.9 from function 'void session_close_by_channel(int id, void *arg)' sending of SIGTEMR and SIGHUP signals to child as was in 2.9.9 version? See follow sniped code from 2.9.9 sources: ---- openssh-2.9.9/session.c ---------------------------------------- void session_close_by_channel(int id, void

I've attached two patches. The first just changes the output of "ssh -V" to print that it was built against rsaref if libRSAglue (which is built as part of openssl only when it is built against rsaref) is present at build-time. The second adds appropriate calls to pam_setcred() in sshd. Without them, our systems can't access AFS because the PAM modules only get tokens at a

Hi there, well, I just upgraded to OpenSSH 3.7.1p2 and noticed the GSSAPI-Changes. Well it worked like a charm. No PAM, no problems while authenticating to Kerberos 5. But now there is a small problem. We need an pam module called pam_gssklog.so to authenticate. This modules obtains a token from the kerberos ticket. The single executable (which is execle'd out of the pam module) works if

https://bugzilla.mindrot.org/show_bug.cgi?id=2380 Bug ID: 2380 Summary: [PATCH] Optionally allow pam_setcred to override gid Product: Portable OpenSSH Version: -current Hardware: All OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: PAM support Assignee:

Hi, I have a strange problem with authentication. Some users can successfully authenticate and some users can not authenticate. All users use the same client (thunderbird-1.5.0.2-win32-de). At the problematic users i get the following error message: ============ snip =================== auth(default): client in: AUTH 8 PLAIN service=IMAP secured lip=10.24.1.6 rip=10.211.11.1

Hello, We use USE_POSIX_THREADS in our HP-UX build of OpenSSH. When we connect a non-root user with PAM [pam-kerberos] then I get the following error. debug3: PAM: opening session debug1: PAM: reinitializing credentials PAM: pam_setcred(): Failure setting user credentials This is particularly for non-root users with PrivSep YES. When I connect to a root user with PrivSep YES or to a non-root

I believe there is a bug in how AIX handles the KRB5CCNAME environment variable. The symptom occurs when a root user restarts sshd while they have KRB5CCNAME set; all of the resulting client connections will inherit the same KRB5CCNAME variable. This can occur if the admin uses 'ksu' or some other kerberized method of obtaining root privileges. Investigating this problem, I stumbled

Robert Schetterer wrote: > Alex Persson wrote: >> Robert Schetterer wrote: >>> Alex Persson wrote: >>>> After upgrading from Ubuntu 16.04 to 18.04 printing via SMB-Kerberos no longer works (printing still works in 18.04 when I print via SMB but I don't want to have the password stored in clear text in /usr/lib/cups/backend/smb). >>>> >>>>

Should pam_setcred() be called if pam_authenticate() wasn't called? I would say not; both of these functions are in the authenticate part of pam. It seems the the 'auth' part of pam config controls which modules get called, so if you didn't to _authenticate() you shouldn't do _setcred(). thx /fc

https://bugzilla.mindrot.org/show_bug.cgi?id=2815 Bug ID: 2815 Summary: please set KRB5CCNAME to collection Product: Portable OpenSSH Version: 7.4p1 Hardware: amd64 OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Kerberos support Assignee: unassigned-bugs

http://bugzilla.mindrot.org/show_bug.cgi?id=189 ------- Additional Comments From stevesk at pobox.com 2002-04-01 17:49 ------- why should pam_setcred() failures not be treated as fatal? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

Hello. I'm wondering how one would go about configuring dovecot to invoke pam_setcred() from the same process as (or a parent process of) the process which eventually reads the user's mail off the disk. This is required for pam modules that set kernel-level credentials which are later used to access the user's mail files. In particular, I'm trying to use dovecot with pam_krb5

> > I should have mentioned this earlier, but the users does not exist > > in /etc/passwd, instead they are in LDAP and when they log in to the > > computer they get some Kerberos tickets for the domain and the file > > system. When printing on 14.04 they get another Kerberos ticket for > > the printing system according to "klist" after they have done

http://bugzilla.mindrot.org/show_bug.cgi?id=529 Summary: sshd doesn't work correctly after SIGHUP Product: Portable OpenSSH Version: 3.6p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: