similar to: [Bug 757] KRB5CCNAME inherited from root's environment under AIX

http://bugzilla.mindrot.org/show_bug.cgi?id=757 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #498 is|0 |1 obsolete| | ------- Additional Comments From dtucker at zip.com.au 2003-12-23 00:44 -------

http://bugzilla.mindrot.org/show_bug.cgi?id=757 Summary: KRB5CCNAME inherited from root's environment under AIX Product: Portable OpenSSH Version: -current Platform: PPC OS/Version: AIX Status: NEW Severity: minor Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org

I believe there is a bug in how AIX handles the KRB5CCNAME environment variable. The symptom occurs when a root user restarts sshd while they have KRB5CCNAME set; all of the resulting client connections will inherit the same KRB5CCNAME variable. This can occur if the admin uses 'ksu' or some other kerberized method of obtaining root privileges. Investigating this problem, I stumbled

http://bugzilla.mindrot.org/show_bug.cgi?id=372 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Additional Comments From dtucker at zip.com.au 2004-01-22

http://bugzilla.mindrot.org/show_bug.cgi?id=698 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |793 nThis| | Summary|Specify FILE: for credential|Specify FILE: for KRB5CCNAME

http://bugzilla.mindrot.org/show_bug.cgi?id=1165 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Comment #6 from dtucker at zip.com.au 2006-06-23 19:56

http://bugzilla.mindrot.org/show_bug.cgi?id=1165 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED ------- Comment #7 from dtucker at zip.com.au 2006-10-07 11:44 ------- Change all RESOLVED bug to CLOSED with the exception

http://bugzilla.mindrot.org/show_bug.cgi?id=270 ------- Additional Comments From dtucker at zip.com.au 2002-06-09 19:59 ------- Created an attachment (id=111) sshd output on AIX w/PrivSep ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=355 ------- Additional Comments From dtucker at zip.com.au 2002-08-25 18:10 ------- It looks like the call to loginsuccess() fails because it's done as a non-privileged user. This is bad because in addition to generating the message it also clears the failed login counter that leads to account lockout. The following patch fixes it for me

http://bugzilla.mindrot.org/show_bug.cgi?id=712 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |793 nThis| | Status|NEW |ASSIGNED ------- Additional

https://bugzilla.mindrot.org/show_bug.cgi?id=1081 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #1144 is|0 |1 obsolete| | --- Comment #3 from Darren Tucker <dtucker at

http://bugzilla.mindrot.org/show_bug.cgi?id=261 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OS/Version|other |AIX ------- Additional Comments From dtucker at zip.com.au 2002-06-06 21:22 ------- I finally got a chance to try this. I got compile

Hello All, I've updated the AIX package builder (contrib/aix/buildbff.sh). The changes are below. Please review and commit if OK. First, a question: Does anyone want SRC (System Resource Controller) support in the packages? I don't use it but I've been sent an example of how do do it without modifying sshd itself. Onto the changes: * Supports PrivSep. Postinstall will create

Hi All. New AIX packages of OpenSSH 3.6.1p1 are available for download at [1]. There are two tarballs, one for the as-distributed code and one with the password expiration patch. Each tarball contains binaries for AIX 4.x and AIX 5.x. The usual caveats apply (see page). These packages have been more popular than I ever thought they'd be. They are about to clock up the one thousandth

http://bugzilla.mindrot.org/show_bug.cgi?id=270 Summary: PrivSep breaks sshd on AIX for non-root users Product: Portable OpenSSH Version: -current Platform: PPC OS/Version: AIX Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy:

Hi All, I have found that the regression tests on AIX failed as a non-root user. This is due to a call to loginrestrictions() failing. The man page for loginrestrictions says: "Access Control:The calling process must have access to the account information in the user database and the port information in the port database." These files are: /etc/security/user,

Hi All. If anyone wants them, SMIT installable .bff packages of 3.3p1+privsep for AIX 4.[23].x are available for download from the link below. The usual caveats apply (see page). Link: http://www.zip.com.au/~dtucker/openssh/ -- Darren Tucker (dtucker at zip.com.au) GPG Fingerprint D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the

Hi All. The 3.3p1 packages became obsolete even faster than I expected! I've just put up SMIT installable .bff packages of 3.4p1 for AIX 4.[23].x at the link below. The usual caveats apply (see page). Link: http://www.zip.com.au/~dtucker/openssh/ -- Darren Tucker (dtucker at zip.com.au) GPG Fingerprint D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with

Hi All. AIX native installp/SMIT installable packages of openssh-3.5p1 are now available. There are 2 packages: openssh-3.5p1-1 which contains the PermitRootLogin patch and openssh-3.5p1-1x which also contains the (experimental) password expiration patch. I'm still interested in feedback on the password expiration patch, so if you choose to download the package with it, please let me know

http://bugzilla.mindrot.org/show_bug.cgi?id=178 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #51 is|0 |1 obsolete| | ------- Additional Comments From dtucker at zip.com.au 2002-10-20 16:19 -------