similar to: [Bug 789] pam_setcred() not being called as root

Hello, We use USE_POSIX_THREADS in our HP-UX build of OpenSSH. When we connect a non-root user with PAM [pam-kerberos] then I get the following error. debug3: PAM: opening session debug1: PAM: reinitializing credentials PAM: pam_setcred(): Failure setting user credentials This is particularly for non-root users with PrivSep YES. When I connect to a root user with PrivSep YES or to a non-root

http://bugzilla.mindrot.org/show_bug.cgi?id=1339 Summary: pam_dhkeys doesn't work (PAM_REINITIALIZE_CRED without PAM_ESTABLISH_CRED) Product: Portable OpenSSH Version: 4.6p1 Platform: Sparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: PAM support

https://bugzilla.mindrot.org/show_bug.cgi?id=2549 Bug ID: 2549 Summary: [PATCH] Allow PAM conversation for pam_setcred for keyboard-interactive authentication Product: Portable OpenSSH Version: 7.1p2 Hardware: Sparc OS: Solaris Status: NEW Severity: enhancement Priority: P5

http://bugzilla.mindrot.org/show_bug.cgi?id=926 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO|994 | nThis| | ------- Additional Comments From dtucker at zip.com.au 2005-05-22 11:03 -------

http://bugzilla.mindrot.org/show_bug.cgi?id=918 Summary: ssh_gssapi_storecreds called to late to be usable by PAM in sesion.c Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo:

Hello All. Attached is an update to my previous patch to make do_pam_chauthtok and privsep play nicely together. First, a question: does anybody care about these or the password expiration patches? Anyway, the "PRIVSEP(do_pam_hauthtok())" has been moved to just after the pty has been allocated but before it's made the controlling tty. This allows the child running chauthtok to

https://bugzilla.samba.org/show_bug.cgi?id=3392 Summary: fuzzy misbehaving if source is a file Product: rsync Version: 2.6.6 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P3 Component: core AssignedTo: wayned@samba.org ReportedBy: egmont@uhulinux.hu

http://bugzilla.mindrot.org/show_bug.cgi?id=926 ------- Comment #8 from djm at mindrot.org 2006-05-22 15:12 ------- I don't understand - surely the limits should be applied in the *child* process and not the parent process? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=423 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |627 nThis| | Status|NEW |ASSIGNED ------- Additional

http://bugzilla.mindrot.org/show_bug.cgi?id=871 Summary: request for idn (intl domain names) support Product: Portable OpenSSH Version: 3.8.1p1 Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Miscellaneous AssignedTo: openssh-bugs at mindrot.org

Hi, I was investigating why I don't see any warnings from pam_ldap indicating the pending expiration of passwords as well as for PAM_NEW_AUTHTOK_REQD. Eventually, I found that do_pam_account() does not have a conversation function. Also, there is a function print_pam_messages (currently empty) which look suspiciously like it is ear marked to show just those error messages: /* auth-pam.c

https://bugzilla.mindrot.org/show_bug.cgi?id=2548 Bug ID: 2548 Summary: Make pam_set_data/pam_get_data work with OpenSSH Product: Portable OpenSSH Version: 7.2p1 Hardware: Sparc OS: Solaris Status: NEW Severity: major Priority: P5 Component: PAM support Assignee:

http://bugzilla.mindrot.org/show_bug.cgi?id=969 Summary: early setpcred() stomps on PAM Product: Portable OpenSSH Version: 3.9p1 Platform: All OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: dleonard at

As many of you know, OpenSSH 3.7.X, unlike previous versions, makes PAM authentication take place in a separate process or thread (launched from sshpam_init_ctx() in auth-pam.c). By default (if you don't define USE_POSIX_THREADS) the code "fork"s a separate process. Or if you define USE_POSIX_THREADS it will create a new thread (a second one, in addition to the primary thread). The

http://bugzilla.mindrot.org/show_bug.cgi?id=189 ------- Additional Comments From stevesk at pobox.com 2002-04-01 17:49 ------- why should pam_setcred() failures not be treated as fatal? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

https://bugzilla.mindrot.org/show_bug.cgi?id=2399 Bug ID: 2399 Summary: openssh server should fatal out when pam_setcred and pam_open_session fail Product: Portable OpenSSH Version: 6.8p1 Hardware: Sparc OS: Solaris Status: NEW Severity: normal Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=2380 Bug ID: 2380 Summary: [PATCH] Optionally allow pam_setcred to override gid Product: Portable OpenSSH Version: -current Hardware: All OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: PAM support Assignee:

Hello All, I have run into a situation where a user exiting from a PAM_KERBEROS-authenticated session runs the risk of deleting a kinit-generated credentials file that was already sitting on the server. I will explain the problem in detail, but let me begin with my question. It has a specific reference to PAM_KERBEROS, but it can also be a general question. If a user (ssh) session was

Dear all, I've been looking into hacking with some PAM modules, and thought I could learn from the OpenSSH source (it's probably the closest thing to a canonical cross-platform consumer of the API). One thing I've noticed I don't understand though is how OpenSSH's invocation of do_pam_session/setcred can work (in main of the process forked in sshd.c). Ignoring privsep for the

http://bugzilla.mindrot.org/show_bug.cgi?id=1113 Summary: Add Interix authentication support Product: Portable OpenSSH Version: 4.2p1 Platform: Other OS/Version: other Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: tv at