similar to: [Bug 563] getaddrinfo() in libopenbsd-compat.a breaks heimdal-linked pam_krb5

http://bugzilla.mindrot.org/show_bug.cgi?id=563 Summary: getaddrinfo() in libopenbsd-compat.a breaks heimdal- linked pam_krb5 Product: Portable OpenSSH Version: -current Platform: Sparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: Miscellaneous

http://bugzilla.mindrot.org/show_bug.cgi?id=688 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO|822 |914 nThis| | ------- Additional Comments From dtucker at zip.com.au 2004-08-17 19:08 -------

http://bugzilla.mindrot.org/show_bug.cgi?id=688 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |822 nThis| | Status|NEW |ASSIGNED

http://bugzilla.mindrot.org/show_bug.cgi?id=859 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO|914 |994 nThis| | ------- Additional Comments From dtucker at zip.com.au 2005-03-07 16:12

OpenSSL_add_all_algorithms has been deprecated with 1.1. Compatibility is needed. Signed-off-by: Rosen Penev <rosenp at gmail.com> --- ssh-keysign.c | 1 + ssh_api.c | 2 ++ 2 files changed, 3 insertions(+) diff --git a/ssh-keysign.c b/ssh-keysign.c index 744ecb4f..bcd1508c 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -40,6 +40,7 @@ #include <openssl/evp.h> #include

OpenSSL 1.1.0 has deprecated this function. --- configure.ac | 1 + openbsd-compat/openssl-compat.c | 2 ++ openbsd-compat/openssl-compat.h | 4 ++++ 3 files changed, 7 insertions(+) diff --git a/configure.ac b/configure.ac index 3f7fe2cd..db2aade8 100644 --- a/configure.ac +++ b/configure.ac @@ -2710,6 +2710,7 @@ if test "x$openssl" = "xyes" ; then ])

Hello, Prequalify: I'm quite a novice w/ Kerberos, so my terminology and assumptions may be rough. Also, please CC me since I'm not a list subscriber. I'm running a fairly recent -STABLE [1] and have installed the base Heimdal Kerberos implementation via the MAKE_KERBEROS5 knob in /etc/make.conf. I'm having the problem that I don't see a cached credential file being created

First time poster so be kind :) I was looking at the pam_krb5.c code and noticed that for authentication to succeed getpwnam() has to succeed. Previously I had setup a web site using mod_auth_pam to authenticate against an active directory (AD) server using a pam config like: # auth auth required pam_krb5.so no_ccache no_warn # account account required

Greetings ... Have a question, was is the advantages of use pam_winbind verses pam_krb5 for Samba user authentaction? I mean, if I point my Linux box Kerberos to a Win2003 AD server, I am able to authenticate my users out of AD, but at the moment still having problems with winbind and nsswitch. Is there an advantage to using pam_winbind instead of pam_krb5? Mailed Lee

Hi, Just writing here my note about auth_default_realm, pam_krb5 and gssapi. It seems that 'pam' passdb and 'gssapi' auth_mechanism doesn't honor 'auth_default_realm' setting, at least in several setups I deal with. Here is a part of the config: passdb { args = max_requests=100 cache_key=%u%r dovecot driver = pam } auth_default_realm = REALM.COM

Hi all, I am just after some opinions about the pros and cons of winbind compared to the 'standard' kerberos and ldap methods. I've have already got single sign on working with pam_krb5 and nss_ldap (using SASL/GSSAPI) against SBS 2003 (with MSSFU 3.0) using Debian Sarge as clients/'member servers', and integration of Samba is the next bit I'm looking at. The impressions

http://bugzilla.mindrot.org/show_bug.cgi?id=127 Summary: PAM with ssh authentication and pam_krb5 doesn't work properly Product: Portable OpenSSH Version: 3.0.2p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo:

with the following pam.conf entries, after being prompted for a login password the connection is closed: other auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1 other auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass the system logs the error: sshd[4215]: fatal: input_userauth_info_response_pam: no authentication context if the pam.conf entry is changed to the

http://bugzilla.mindrot.org/show_bug.cgi?id=128 Summary: PAM with ssh authentication and pam_krb5 doesn't work properly Product: Portable OpenSSH Version: 3.0.2p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo:

http://bugzilla.mindrot.org/show_bug.cgi?id=228 Summary: pam_krb5 on Solaris creates credentials with wrong owner Product: Portable OpenSSH Version: 3.1p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org

A few weeks ago, we upgraded our Red Hat 7.3 and 9 machines to OpenSSH 3.6.1p2 w/ the corresponding version of Simon's GSSAPI patch. All the expected functionality seems to be there: I can ssh/scp/sftp via Kerberos tickets or local password. However, I seem to be getting a new error message in my logs: For Red Hat 7.3: Message from syslogd at gallifrey at Thu Oct 2 17:24:12 2003 ...

CentOS Errata and Security Advisory 2008:0907 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0907.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: 170d6bff250c6421af85fe945afac813 pam_krb5-2.2.14-1.el5_2.1.i386.rpm 52cd3e3625edcd04e98bef7f50c4e19d pam_krb5-2.2.14-1.el5_2.1.x86_64.rpm Source:

CentOS Errata and Bugfix Advisory 2010:0529 Upstream details at : https://rhn.redhat.com/errata/RHBA-2010-0529.html The following updated files have been uploaded and are currently syncing to the mirrors: x86_64: pam_krb5-2.1.17-8.el4_8.1.i386.rpm pam_krb5-2.1.17-8.el4_8.1.x86_64.rpm Source: pam_krb5-2.1.17-8.el4_8.1.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ }

CentOS Errata and Bugfix Advisory 2011:1016 Upstream details at : https://rhn.redhat.com/errata/RHBA-2011-1016.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: 3720267fe5df2bfb732084f67ecfc7c6 pam_krb5-2.2.14-21.el5.i386.rpm 2806603ba5624fbef4c756b058c971ad pam_krb5-2.2.14-21.el5.x86_64.rpm Source:

openssh-unix-dev at mindrot.org kerberos at ncsa.uiuc.edu We believe there is a security flaw in either OpenSSH and/or RedHat's pam_krb5 module. When a Kerberos principal has the REQUIRES_PWCHANGE (+needchange) flag set, OpenSSH+pam_krb5 will still successfully authenticate the user. Local 'su' and 'login' fail in this case which leads us to believe it's at least